Executive Summary

Informations
NameCVE-2006-2059First vendor Publication2006-04-26
VendorCveLast vendor Modification2018-10-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2059

CWE : Common Weakness Enumeration

%idName

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

Open Source Vulnerability Database (OSVDB)

idDescription
25005Invision Power Board search.php lastdate Variable Arbitrary PHP Code Execution

Nessus® Vulnerability Scanner

DateDescription
2006-05-03Name : The remote web server contains a PHP application that is susceptible to multi...
File : invision_power_board_250406.nasl - Type : ACT_ATTACK

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/17695
BUGTRAQ http://www.securityfocus.com/archive/1/431990/100/0/threaded
http://www.securityfocus.com/archive/1/432226/100/0/threaded
http://www.securityfocus.com/archive/1/432451/100/0/threaded
http://www.securityfocus.com/archive/1/439607/100/0/threaded
CONFIRM http://forums.invisionpower.com/index.php?showtopic=213374
SREASON http://securityreason.com/securityalert/796
VUPEN http://www.vupen.com/english/advisories/2006/1534
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/26070

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
DateInformations
2018-10-18 21:20:06
  • Multiple Updates
2017-07-20 09:23:32
  • Multiple Updates
2016-06-28 15:45:04
  • Multiple Updates
2016-04-26 14:33:45
  • Multiple Updates
2014-02-17 10:35:39
  • Multiple Updates
2013-05-11 10:55:36
  • Multiple Updates