CVE-2005-3549 - Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited rem

CVE-2005-3549

Summary

Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now".

References

http://secunia.com/advisories/17443
http://www.securityfocus.com/archive/1/415798/30/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/40003

Vulnerable Configurations

cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 19-10-2018 - 15:37)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

bugtraq	20051104 Invision Power Board Privilege Esaclation (2.0.1 + more)
secunia	17443
xf	ipb-taskmanager-code-execution(40003)

Last major update

19-10-2018 - 15:37

Published

16-11-2005 - 07:42

Last modified

19-10-2018 - 15:37