Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2226 — Unrestricted File Upload in Invision Power Board

CWE-434 — Unrestricted File Upload4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

13.0%

top 5.89%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Invisioncommunity Invision Power Board

Timeline

PublishedJan 9

Latest updateApr 23

Description

Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDinvisioncommunity/invision_power_board< 3.3.1

🔴Vulnerability Details

GHSA

GHSA-h7fh-8x45-4h5p: Invision Power Board before 3↗2022-04-23

▶

CVEList

CVE-2012-2226: Invision Power Board before 3↗2020-01-09

▶

💥Exploits & PoCs

Exploit-DB

Invision Power Board 3.3.0 - Local File Inclusion↗2012-04-13

▶