Invision Power Services: Security Vulnerabilities
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.
CVSS Score
6.8
EPSS Score
0.027
Published
2003-12-31
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.
CVSS Score
5.0
EPSS Score
0.003
Published
2003-12-31
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
CVSS Score
5.0
EPSS Score
0.008
Published
2002-10-11
Page 8