Skip to content

Mois : mai 2013

IPB (Invision Power Board) all versions (1.x? / 2.x / 3.x) Admin account Takeover leading to code execution

Written on : 2013/05/02
Released on : 2013/05/13
Author: John JEAN / @johnjean on twitter)
Affected application: Invision Power Board <= 3.4.4
Type of vulnerability: Logical Vulnerability / Bad Sanitization
Required informations : Administrator's email
Evaluated Risk : Critical
Solution Status : A patch has been released which fixes these vulnerabilities
References : https://johnjean.io/2013/05/13/ipb-invision-power-board-all-versions-1-x-2-x-3-x-admin-account-takeover-leading-to-code-execution/
CVE: CVE-2013-3725
6 Comments