Invision Power Board < 2.0.4 Multiple Vulnerabilities (SQLi, XSS)

high Nessus Plugin ID 18203

Synopsis

The remote web server contains a PHP application that is vulnerable to multiple attacks.

Description

According to its banner, the version of Invision Power Board on the remote host suffers from multiple vulnerabilities:

- SQL Injection Vulnerability: The application fails to sanitize user input supplied through the 'pass_hash' cookie in the 'sources/login.php' script, which can be exploited to affect database queries, potentially revealing sensitive information.

- Multiple Cross-Site Scripting Vulnerabilities: An attacker can pass arbitrary HTML and script code through the 'highlite' parameter of the 'sources/search.php' and 'sources/topics.php' scripts.

Solution

Upgrade to Invision Power Board 2.0.4 or later.

See Also

http://www.nessus.org/u?20da0580

https://seclists.org/bugtraq/2005/May/70

https://seclists.org/bugtraq/2005/Jul/255

Plugin Details

Severity: High

ID: 18203

File Name: invision_power_board_2_0_4.nasl

Version: 1.24

Type: remote

Family: CGI abuses

Published: 5/9/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:invisionpower:invision_power_board

Required KB Items: www/invision_power_board

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 5/5/2005

Reference Information

CVE: CVE-2005-1597, CVE-2005-1598

BID: 13375, 13529, 13532, 13534

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990