Invision Power Board 'unserialize()' PHP Code Execution Network Vulnerability

Summary

Invision Power Board is prone to a PHP Code Execution vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to inject and execute arbitrary malicious PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system other attacks are also possible.

Solution

The vendor has released a patch to address this vulnerability.

References

http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/
http://osvdb.org/show/osvdb/86702
http://www.exploit-db.com/exploits/22398/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
Admbook PHP Code Injection Flaw
Baby Gekko CMS Multiple Vulnerabilities
Alchemy Eye HTTP Command Execution
Adobe ColdFusion Multiple Vulnerabilities-01 May-2014

Take action and discover your vulnerabilities