[VIM] Partial details on Invision Power Board (IPB) PHP execution issue
Steven M. Christey
coley at mitre.org
Fri May 19 23:04:00 EDT 2006

Ref: http://forums.invisionpower.com/index.php?showtopic=215527

CVE-2006-2498 forthcoming.

This forum post includes a pointer to a manual patch:

http://forums.invisionpower.com/index.php?act=Attach&type=post&id=10026

Review of the patch suggests which variables are cleansed and which
files are affected, but it's not clear how the variables relate to
externally controlled inputs, nor is it clear about how it leads to
PHP code execution.

- Steve