CVE-2007-4913
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant.
ips_kernel/class_upload.php en Invision Power Board (IPB o IP.Board) 2.3.1 hasta la 20070912 permite a atacantes remotos actualizar secuencias de comandos de su elección a través de archivos con nombres de archivo de imágenes manipuladas en uploads/, donde se salvan con una extensión .txt y no son ejecutables. NOTA: hay ciertos panoramas limitados de uso bajo los cuales esto sería una vulnerabilidad, pero está siendo seguida por CVE puesto que el vendedor ha indicado que es seguridad-relevante.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-09-17 CVE Reserved
- 2007-09-17 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://forums.invisionpower.com/index.php?showtopic=237075 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 | 2008-09-05 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | <= 2.3.1 Search vendor "Invision Power Services" for product "Invision Power Board" and version " <= 2.3.1" | - |
Affected
| ||||||
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | 2.1.5_2006-03-08 Search vendor "Invision Power Services" for product "Invision Power Board" and version "2.1.5_2006-03-08" | - |
Affected
| ||||||
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | 2.1.5_2006-04-25 Search vendor "Invision Power Services" for product "Invision Power Board" and version "2.1.5_2006-04-25" | - |
Affected
| ||||||
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | 2.1.6 Search vendor "Invision Power Services" for product "Invision Power Board" and version "2.1.6" | - |
Affected
| ||||||
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | 2.2 Search vendor "Invision Power Services" for product "Invision Power Board" and version "2.2" | - |
Affected
| ||||||
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | 2.2.1 Search vendor "Invision Power Services" for product "Invision Power Board" and version "2.2.1" | - |
Affected
| ||||||
| Invision Power Services Search vendor "Invision Power Services" | Invision Power Board Search vendor "Invision Power Services" for product "Invision Power Board" | 2.2.2 Search vendor "Invision Power Services" for product "Invision Power Board" and version "2.2.2" | - |
Affected
| ||||||