Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2006-0909
HistoryFeb 28, 2006 - 11:02 a.m.

CVE-2006-0909

2006-02-2811:02:00
NVD-CWE-Other
[email protected]
web.nvd.nist.gov
25
invision power board
ipb
cve-2006-0909
security vulnerability
remote attack
php
information disclosure

7.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.094 Low

EPSS

Percentile

94.7%

JSON

Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, (21) and usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, (29) and post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php, and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory.

CPENameOperatorVersion
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1_beta2
invision_power_services:invision_power_boardinvision power services invision power boardeq2.0.4
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1_rc1
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1.1
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1.2
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1.3
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1_beta5
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1.0
invision_power_services:invision_power_boardinvision power services invision power boardeq2.0.0
invision_power_services:invision_power_boardinvision power services invision power boardeq2.0.3
Rows per page:
1-10 of 151

Related

prion 1
prion
prion
Design/Logic Flaw
2006-02-28 11:02:00

7.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.094 Low

EPSS

Percentile

94.7%

JSON
Related for CVE-2006-0909
prion1