CVE-2007-4913
N/A
N/A
Summary
ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870
- http://forums.invisionpower.com/index.php?showtopic=237075
References
- http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870
- http://forums.invisionpower.com/index.php?showtopic=237075
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.