CVE-2006-2060
Summary
Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename.
- LOW
- NETWORK
- NONE
- PARTIAL
- PARTIAL
- NONE
References
Advisory Timeline
- Published