NASLDB: Invision Power Board Multiple Vulnerabilities (Priv Esc, SQLi
General
ID: 18401
Name: Invision Power Board Multiple Vulnerabilities (Priv Esc, SQLi
Summary: Checks for privilege escalation vulnerability in Invision Power Board
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:H/RL:U/RC:ND
Port: 80
Family: CGI abuses
Type: Remote
Description
According to its banner, the version of Invision Power Board on the
remote host suffers from a privilege escalation issue. To carry out
an attack, an authenticated user goes to delete his own group and
moves users from that group into the root admin group.
In addition to this, the remote version of this software is prone to a
SQL injection attack that may allow an attacker to execute arbitrary
SQL statements against the remote database.
If you’re using Invision Power Board version 2.0.4, this may be a false positive as the fix does not update the version number.
Exploiting
Exploit Available: True
Exploitability Ease: No exploit is required
Sources
CVE: CVE-2005-1816
OSVDB: –
Bugtraq: 13797
scipID: –
Timeline
Vulnerability Disclosure: 2005/05/28
Patch Release: –
Plugin Release: 2005/05/30
Plugin
Version: 1.14
Filename: invision_power_board_priv_escalation.nasl
Filesize: 3389 bytes
MD5 Hash: 03cc2d8b0990420d3feb88051fd36bec
Identification: –
Require Keys: www/invision_power_board
Dependencies: "invision_power_board_detect.nasl"
Copyright: This script is Copyright © 2005-2012 Tenable Network Security, Inc.













