Written on : 2013/05/02 Released on : 2013/05/13 Author: John JEAN / @johnjean on twitter) Affected application: Invision Power Board <= 3.4.4 Type of vulnerability: Logical Vulnerability / Bad Sanitization Required informations : Administrator's email Evaluated Risk : Critical Solution Status : A patch has been released which fixes these vulnerabilities References : https://johnjean.io/2013/05/13/ipb-invision-power-board-all-versions-1-x-2-x-3-x-admin-account-takeover-leading-to-code-execution/ CVE: CVE-2013-37256 Comments
CTO Groupe