CVE-2006-7064

Properties

Published: 22.02.2007
Updated: 27.02.2007
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N)
Product: Invision Power Services: Invision Power Board

Vulnerability description

Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.

References:

BUGTRAQ: http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html
BID: http://www.securityfocus.com/bid/18450
XF: http://xforce.iss.net/xforce/xfdb/27069