action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.10624
Percentile: 0.92954

CVSS Scoring

Affected Products

• cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*

← Back to Home