WHERE:
From remote
SOFTWARE:
Invision Power Board 2.x
DESCRIPTION:
Some vulnerabilities have been reported in Invision Power Board,
which can be exploited by malicious users to conduct script insertion
attacks or bypass certain access restrictions.
1) Input passed to unspecified fields in the user profile is not
properly sanitised in ips_kernel/class_ajax.php before being used.
This can be exploited to insert arbitrary HTML and script code, which
is executed in an administrative user's browser session in the context of
an affected site when the malicious user's profile is being viewed.
Successful exploitation requires that Invision Power Board is
configured to use character sets different from "iso-8859-1" and
"utf-8".
2) An error exists in the subscription manager when processing
payments. This can be exploited to modify a member's ID via a
specially crafted payment form.
Successful exploitation allows e.g. demoting administrators and
moderators to the subscriber's group, but requires that the
subscription packages are enabled.
The vulnerabilities are reported in version 2.3.1. Prior versions
may also be affected.
SOLUTION:
Download version 2.3.1, which has been updated to fix the
vulnerabilities.