CVE-2007-4913
Published Sep 17, 2007
Last updated 16 years ago
Overview
- Description
- ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-94
Social media
- Hype score
- Not currently trending
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F198C2-6AAD-482F-A95E-10505A69993C", "versionEndIncluding": "2.3.1" }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6" }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A90F21A-0FE7-456C-86FA-2F60542A7EA1" }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC" }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05AF1F12-0E9C-478C-9DDA-356E5231A073" }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9826649-436F-4C05-A0DB-0C5D5CC42B61" }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D2431F4-91A3-42C0-985C-1A5DBE305E95" } ], "operator": "OR" } ] } ]