CVE-2006-2059

Invision Power Board <2.1.x-2.0.x - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2059. PoCs published by RusH.

AI-analyzed exploit summary This exploit targets a command execution vulnerability in Invision Power Board 2.* by leveraging authenticated session manipulation and crafted post content to execute arbitrary commands. It requires valid user credentials and forum access.

Description

action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RusH · perlwebappsphp

https://www.exploit-db.com/exploits/1720

View Code ZIP pw:eip

This exploit targets a command execution vulnerability in Invision Power Board 2.* by leveraging authenticated session manipulation and crafted post content to execute arbitrary commands. It requires valid user credentials and forum access.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Invision Power Board <= 2.1.5

Auth required

Prerequisites: Valid user credentials · Access to a forum where the user can create posts

MITRE ATT&CK