CVE-2006-2060 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-2060
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2060

Description: Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26072 SREASON http://securityreason.com/securityalert/796 SAID Secunia Advisory: SA19830 OSVDB 25008 CONFIRM http://forums.invisionpower.com/index.php?showtopic=213374 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/439607/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/432226/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/431990/100/0/threaded

Return to the previous page.