CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-4913

ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.9%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2007-4913

Invision Power Services » Invision Power Board » Version: Any

cpe:2.3:a:invision_power_services:invision_power_board:*
Invision Power Services » Invision Power Board » Version: 2.1.5_2006-03-08

cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08
Invision Power Services » Invision Power Board » Version: 2.1.5_2006-04-25

cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25
Invision Power Services » Invision Power Board » Version: 2.1.6

cpe:2.3:a:invision_power_services:invision_power_board:2.1.6
Invision Power Services » Invision Power Board » Version: 2.2

cpe:2.3:a:invision_power_services:invision_power_board:2.2
Invision Power Services » Invision Power Board » Version: 2.2.1

cpe:2.3:a:invision_power_services:invision_power_board:2.2.1
Invision Power Services » Invision Power Board » Version: 2.2.2

cpe:2.3:a:invision_power_services:invision_power_board:2.2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-4913

Products

Pricing

Contact Us