Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HInvisioncommunity Invision Power Board
APPInvisioncommunity< 3.3.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
Related vulnerabilities
CVE-2013-3725CRITICAL9.8ten sam produkt
Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.
CVE-2017-8898CRITICAL9.8ten sam produkt
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowi...
CVE-2014-4928HIGH8.8ten sam produkt
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers...
CVE-2017-8899HIGH8.1ten sam produkt
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Informati...
CVE-2016-6174HIGH8.1ten sam produkt
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invisio...