Lucene search

[email protected]CVE-2006-2059

HistoryApr 26, 2006 - 8:06 p.m.

CVE-2006-2059

2006-04-2620:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2059

invision power board

ipb

php

remote code execution

security vulnerability

7.7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.791 High

EPSS

Percentile

98.2%

JSON

action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a “#e” (execute) modifier.

CPENameOperatorVersion
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1.5_2006-03-08

CPE	Name	Operator	Version
invision_power_services:invision_power_board	invision power services invision power board	eq	2.1.5_2006-03-08

References

forums.invisionpower.com/index.php?showtopic=213374

secunia.com/advisories/19830

securityreason.com/securityalert/796

www.osvdb.org/25005

www.securityfocus.com/archive/1/431990/100/0/threaded

www.securityfocus.com/archive/1/432226/100/0/threaded

www.securityfocus.com/archive/1/432451/100/0/threaded

www.securityfocus.com/archive/1/439607/100/0/threaded

www.securityfocus.com/bid/17695

www.vupen.com/english/advisories/2006/1534

exchange.xforce.ibmcloud.com/vulnerabilities/26070

7.7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.791 High

EPSS

Percentile

98.2%

JSON

Related for CVE-2006-2059

prion1 nessus1