CVE-2006-3543
CVSS 7.5
Published: 2006-07-12 20:05:00
Last revised: 2008-09-05 17:07:25

[Original] ** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or modification of IPB.


[CNNVD] Invision Power Board multiple SQL injection vulnerabilities (CNNVD-200607-164)

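        **DISPUTED** Invision Power Board (IPB) 1.x and 2.x contain multiple SQL injection vulnerabilities. Remote attackers can execute arbitrary SQL commands via the (1) idcat and (2) code parameters in the ketqua action in index.php; the id parameter in the (3) Attach and (4) ref actions in index.php; the CODE parameter in the (5) Profile, (6) Login, and (7) Help actions in index.php; and (8) the member_id parameter in coins_list.php. Note: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and that the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or a modification of IPB.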

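- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]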

- CPE (affected platforms and products)

cpe:/a:invision_power_services:invision_power_board:1.0
cpe:/a:invision_power_services:invision_power_board:2.0_pdr3
cpe:/a:invision_power_services:invision_power_board:1.3.1_final
cpe:/a:invision_power_services:invision_power_board:2.1.6
cpe:/a:invision_power_services:invision_power_board:1.0.1
cpe:/a:invision_power_services:invision_power_board:2.0.3
cpe:/a:invision_power_services:invision_power_board:1.3
cpe:/a:invision_power_services:invision_power_board:1.0.3
cpe:/a:invision_power_services:invision_power_board:2.1.5
cpe:/a:invision_power_services:invision_power_board:1.1.1
cpe:/a:invision_power_services:invision_power_board:2.0_pf1
cpe:/a:invision_power_services:invision_power_board:1.1.2
cpe:/a:invision_power_services:invision_power_board:2.0.1
cpe:/a:invision_power_services:invision_power_board:2.0.4
cpe:/a:invision_power_services:invision_power_board:2.1
cpe:/a:invision_power_services:invision_power_board:2.0_pf2
cpe:/a:invision_power_services:invision_power_board:1.3_final
cpe:/a:invision_power_services:invision_power_board:2.1.4
cpe:/a:invision_power_services:invision_power_board:2.0_alpha3
cpe:/a:invision_power_services:invision_power_board:1.2
cpe:/a:invision_power_services:invision_power_board:2.0.2
cpe:/a:invision_power_services:invision_power_board:2.1_alpha2
cpe:/a:invision_power_services:invision_power_board:2.0

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3543
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3543
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-164
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/18836
(UNKNOWN)  BID  18836
http://www.securityfocus.com/archive/1/archive/1/439602/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060710 Re: Invision Power Board "v1.X & 2.X" SQL Injection
http://www.securityfocus.com/archive/1/archive/1/439145/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060704 Invision Power Board "v1.X & 2.X" SQL Injection
http://www.osvdb.org/30084
(UNKNOWN)  OSVDB  30084
http://securityreason.com/securityalert/1231
(UNKNOWN)  SREASON  1231

- Vulnerability information

Invision Power Board multiple SQL injection vulnerabilities
High risk  SQL injection
2006-07-12 00:00:00 2006-07-25 00:00:00
Remote

- Advisories and patches

        No data available

- Vulnerability information

30084
Invision Power Board index.php CODE Parameter SQL Injection
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity

- Vulnerability description

Invision Power Board has been reported to contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is supposedly due to the index.php script not properly sanitizing user-supplied input to the 'CODE' variable. However, subsequent comments from the vendor state "at no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run - it just directs traffic."

- Timeline

2006-07-02 Unknown
Unknown Unknown

- Solution

The vulnerability reported is incorrect. No solution required.

- Related references

- Vulnerability author
