CVE-2006-7064

Current Description

Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.

Evaluator Description

Rated as complete impact across the CIA triad (confidentiality, integrity, availability) because remote attackers can inject arbitrary web script or HTML as the administrator.

Basic Data

Published: February 24, 2007
Last Modified: July 29, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
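    CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Invision Power Services | Invision Power Board | 1.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 1.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 1.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 1.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 1.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 1.3.1_final | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 1.3_final | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.0.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.0.x | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.0_alpha3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.0_pdr3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.0_pf1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.0_pf2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1.5_2006-03-08 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1.5_2006-04-25 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1_alpha2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1_beta2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1_beta3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1_beta4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1_beta5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Invision Power Services | Invision Power Board | 2.1_rc1 | * | * | * | * | * | * | * | | | |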

Vulnerable Software List

Vendor | Product | Versions
Invision Power Services | Invision Power Board | 1.0, 1.0.1, 1.0.3, 1.1.1, 1.1.2, 1.2, 1.3, 1.3.1_final, 1.3_final, 2.0, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.x, 2.0_alpha3, 2.0_pdr3, 2.0_pf1, 2.0_pf2, 2.1, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.5_2006-03-08, 2.1.5_2006-04-25, 2.1.6, 2.1_alpha2, 2.1_beta2, 2.1_beta3, 2.1_beta4, 2.1_beta5, 2.1_rc1

References

Name | URL | Source | Tags
20060609 Invision Power Board XSS | http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html | BUGTRAQ |
2307 | http://securityreason.com/securityalert/2307 | SREASON |
18450 | http://www.securityfocus.com/bid/18450 | BID |
ipb-admin-phpinfo-xss(27069) | https://exchange.xforce.ibmcloud.com/vulnerabilities/27069 | XF |