Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Invision Power Board < 3.0.5 Multiple Vulnerabilities (deprecated)

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running Invision Power Board, a PHP bulletin board application. The installed version of Invision Power Board is potentially affected by multiple vulnerabilities :

- A local-file include vulnerability that affects the 'section' parameter sent to the 'forum/index.php' script.

- A sql-injection vulnerability that affects the 'starter' and 'state' parameters of the 'admin/applications/forum/modules_public/moderate/moderate.php' script.

- A cross-site scripting vulnerability caused by incorrect handling of '.txt' file attachments.

Solution

Upgrade to Invision Power Board 3.0.5 or later.