
Invision Power Board <= 2.2.2 Authentication Bypass

Low

Synopsis

The remote host is affected by a flaw that allows authentication to be bypassed.

Description

The remote host is running Invision Board, a CGI suite designed to set up a bulletin board system on the remote web server. This version of Invision Board is vulnerable to a flaw in the way that the 'sources/action_public/xmlout.php' script handles user-supplied data. An attacker exploiting this flaw would be able to change the instant messenger profile of another user. This could lead to a loss of confidential data.

Solution

Upgrade or patch according to vendor recommendations.