[VIM] Partial details on Invision Power Board (IPB) PHP execution issue

Steven M. Christey coley at mitre.org
Fri May 19 23:04:00 EDT 2006

Ref: http://forums.invisionpower.com/index.php?showtopic=215527

CVE-2006-2498 forthcoming.

This forum post includes a pointer to a manual patch:


Review of the patch suggests which variables are cleansed and which
files are affected, but it's not clear how the variables relate to
externally controlled inputs, nor is it clear about how it leads to
PHP code execution.

- Steve

More information about the VIM mailing list