[VIM] Partial details on Invision Power Board (IPB) PHP execution issue

nikns nikns at secure.lv
Mon May 22 11:55:45 EDT 2006

>Review of the patch suggests which variables are cleansed and which
>files are affected, but it's not clear how the variables relate to
>externally controlled inputs, nor is it clear about how it leads to
>PHP code execution.

Right! It is *fairly* impossible that this patch fixes 
PHP code execution flaw.
But instead it looks like it could fix XSS.

I that invision forum advisory post is nothing stated about
PHP code execution:
    "It has come to our attention that Invision Power 
Board 2.0.x and  Invision Power Board 2.1.x  contains two areas 
where malicious code could be executed."

I suppose they was thinking about html code execution ;]
but secunia and securityfocus took out from nowhere that
it is php code.

So, maybe lets call it XSS vulns?


More information about the VIM mailing list