VID | 21885 |
Severity | 40 |
Port | 80, ... |
Protocol | TCP |
Class | CGI |
Detailed Description |
Invision Power Board is vulnerable to SQL injection through the "ck" parameter. Invision Power Board is a PHP-based Web forum software package distributed by Invision Power Services, Inc. Invision Power Board versions 2.1 through 2.1.5 are affected by multiple vulnerabilities that a remote attacker can exploit to conduct script insertion and SQL injection attacks and to compromise a vulnerable system.
1) Input passed to the "lastdate" parameter in the "search.php" script isn't properly sanitized before being used in a "preg_replace()" call. This can be exploited to inject and execute arbitrary PHP code via the "e" pattern modifier.
2) Input passed to the "ck" parameter in the "index.php" script isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code (limited to 32 characters). Administrators can also include arbitrary PHP scripts via the "name" parameter passed to the "admin.php" script.
3) It is possible to upload a malicious JPEG image with a GIF header containing HTML and script code. This can be exploited to execute arbitrary HTML and script code in a user's browser session, in the context of an affected site, when the malicious image is viewed with the Microsoft Internet Explorer browser.
* References:
  http://forums.invisionpower.com/index.php?showtopic=213374
  http://www.securityfocus.com/archive/1/431990/30/0/threaded
  http://secunia.com/advisories/19830/
* Platforms Affected:
  Invision Power Services, Invision Power Board versions 2.1 through 2.1.5
  Any operating system, any version |
Recommendation |
Apply the IPB 2.x.x 04-25-06 Security Update, as listed on the Invision Power Services Web site at http://forums.invisionpower.com/index.php?showtopic=213374 |
Related URL | CVE-2006-2059, CVE-2006-2060, CVE-2006-2061 (CVE) |
Related URL | 17690, 17695 (SecurityFocus) |
Related URL | 26070, 26071, 26072 (ISS) |