Invision Power Board Multiple Vulnerabilities (Priv Esc, SQLi)

medium Nessus Plugin ID 18401

Synopsis

The remote web server is hosting an application that is affected by multiple vulnerabilities.

Description

According to its banner, the version of Invision Power Board on the remote host suffers from a privilege escalation issue. To carry out an attack, an authenticated user deletes their own group and moves users from that group into the root admin group.

In addition, the remote version of this software is prone to a SQL injection attack that may allow an attacker to execute arbitrary SQL statements against the remote database.

Note: if you're using Invision Power Board version 2.0.4, this may be a false positive, as the fix does not update the version number.

Solution

Apply the patch as discussed in the forum posting listed under See Also.

See Also

https://seclists.org/fulldisclosure/2005/May/647

http://forums.invisionpower.com/index.php?showtopic=169215

Plugin Details

Severity: Medium

ID: 18401

File Name: invision_power_board_priv_escalation.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 5/30/2005

Updated: 6/4/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:invisionpower:invision_power_board

Required KB Items: www/invision_power_board

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/28/2005

Reference Information

CVE: CVE-2005-1816

BID: 13797, 14289