Invision Power Board "Task PHP File To Run" Field Traversal Local File Inclusion
Remote / Network Access
Loss of Integrity
Invision Power Board contains a flaw that allows a remote attacker to execute arbitrary files outside of the web path. The issue is due to the 'Task PHP File to Run' field not properly sanitizing user input, specifically directory traversal style attacks (../../).
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.