Vulnerability Details : CVE-2012-5692
Public exploit exists!
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
Exploit prediction scoring system (EPSS) score for CVE-2012-5692
Probability of exploitation activity in the next 30 days: 95.00%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 %
Metasploit modules for CVE-2012-5692
- Invision IP.Board unserialize() PHP Code Execution
  Disclosure Date: 2012-10-25
  First seen: 2020-04-26
  exploit/unix/webapp/invision_pboard_unserialize_exec
  This module exploits a PHP unserialize() vulnerability in Invision IP.Board <= 3.3.4 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sou
CVSS scores for CVE-2012-5692
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
References for CVE-2012-5692
- http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/
  Patch; Vendor Advisory
- http://www.securityfocus.com/bid/56288
  Invision Power Board 'core.php' PHP Code Execution Vulnerability
Products affected by CVE-2012-5692
- cpe:2.3:a:invisionpower:invision_power_board:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:invisioncommunity:invision_power_board:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:*:*:*:*:*:*:*