Invision Invision Power Services Invision Power Board 代码注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1189129 漏洞类型 代码注入
发布时间 2007-09-17 更新时间 2007-09-17
CVE编号 CVE-2007-4913 CNNVD-ID CNNVD-200709-205
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://www.securityfocus.com/bid/85404
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200709-205
|漏洞详情
InvisionPowerBoard(IPBorIP.Board)2.3.1升级至20070912中的ips_kernel/class_upload.php允许远程攻击者上传定制图像文件名的任意脚本文件到uploads/,会保存为.txt扩展名并不会被执行。
|受影响的产品
Invision Power Services Invision Power Board 2.3.1 Invision Power Services Invision Power Board 2.2.2 Invision Power Services Invision Power Board 2.2.1 Invision Power Services Invision Power Board 2.2
|参考资料

来源:forums.invisionpower.com
链接:http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870
来源:forums.invisionpower.com
链接:http://forums.invisionpower.com/index.php?showtopic=237075