CVE-2012-5692 : Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.

Published 2012-10-31 10:50:33

Updated 2020-06-03 14:53:59

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-5692

Probability of exploitation activity in the next 30 days: 95.00%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2012-5692

Invision IP.Board unserialize() PHP Code Execution

Disclosure Date: 2012-10-25

First seen: 2020-04-26

exploit/unix/webapp/invision_pboard_unserialize_exec

This module exploits a php unserialize() vulnerability in Invision IP.Board <= 3.3.4 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sou

More information

CVSS scores for CVE-2012-5692

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2012-5692

http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/

Sorry, you do not have permission for that!
Patch;Vendor Advisory
http://www.securityfocus.com/bid/56288

Invision Power Board 'core.php' PHP Code Execution Vulnerability

Products affected by CVE-2012-5692

Invisionpower » Invision Power Board » Version: 3.1.4
cpe:2.3:a:invisionpower:invision_power_board:3.1.4:*:*:*:*:*:*:*
Matching versions
Invisionpower » Invision Power Board » Version: 3.2.0
cpe:2.3:a:invisionpower:invision_power_board:3.2.0:*:*:*:*:*:*:*
Matching versions
Invisionpower » Invision Power Board » Version: 3.2.1
cpe:2.3:a:invisionpower:invision_power_board:3.2.1:*:*:*:*:*:*:*
Matching versions
Invisionpower » Invision Power Board » Version: 3.2.2
cpe:2.3:a:invisionpower:invision_power_board:3.2.2:*:*:*:*:*:*:*
Matching versions
Invisionpower » Invision Power Board » Version: 3.1.1
cpe:2.3:a:invisionpower:invision_power_board:3.1.1:*:*:*:*:*:*:*
Matching versions
Invisionpower » Invision Power Board » Version: 3.1.0
cpe:2.3:a:invisionpower:invision_power_board:3.1.0:*:*:*:*:*:*:*
Matching versions
Invisionpower » Invision Power Board » Version: 3.1.3
cpe:2.3:a:invisionpower:invision_power_board:3.1.3:*:*:*:*:*:*:*
Matching versions
Invisioncommunity » Invision Power Board » Version: 3.1.2
cpe:2.3:a:invisioncommunity:invision_power_board:3.1.2:*:*:*:*:*:*:*
Matching versions
Invisioncommunity » Invision Power Board » Version: 3.3.0
cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-5692

Exploit prediction scoring system (EPSS) score for CVE-2012-5692

Metasploit modules for CVE-2012-5692

Invision IP.Board unserialize() PHP Code Execution

CVSS scores for CVE-2012-5692

References for CVE-2012-5692

Products affected by CVE-2012-5692