Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-5692 — Invision Power Board vulnerability

6 documents4 sources

Severity

10.0CRITICALNVD

EPSS

83.0%

top 0.74%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Invisioncommunity Invision Power Board Invisionpower Invision Power Board

Timeline

PublishedOct 31

Latest updateMay 13

Description

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDinvisionpower/invision_power_board7 versions+6

▶NVDinvisioncommunity/invision_power_board3.1.2, 3.3.0+1

Patches

Patch: community.invisionpower.com ↗Patch: community.invisionpower.com ↗

🔴Vulnerability Details

GHSA

GHSA-mfrm-r98f-cf43: Unspecified vulnerability in admin/sources/base/core↗2022-05-13

▶

CVEList

CVE-2012-5692: Unspecified vulnerability in admin/sources/base/core↗2012-10-31

▶

💥Exploits & PoCs

Exploit-DB

Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution (Metasploit)↗2012-11-13

▶

Exploit-DB

Invision Power Board (IP.Board) 3.3.4 - Unserialize Regex Bypass↗2012-11-07

▶

Exploit-DB

Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution↗2012-11-01

▶