CVE-2012-5692

Invision Power Board 3.1.x-3.3.x core.php - Impact Unknown

Title source: manual

Exploitation Summary

EIP tracks 4 public exploits for CVE-2012-5692. PoCs published by Metasploit, EgiX, webDEViL, including Metasploit module exploits/unix/webapp/invision_pboard_unserialize_exec.

AI-analyzed exploit summary This Metasploit module exploits a PHP unserialize() vulnerability in Invision IP.Board <= 3.3.4 to achieve remote code execution by writing arbitrary PHP code to a file via the __destruct() method of the dbMain class.

Description

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/22686

View Code ZIP pw:eip

This Metasploit module exploits a PHP unserialize() vulnerability in Invision IP.Board <= 3.3.4 to achieve remote code execution by writing arbitrary PHP code to a file via the __destruct() method of the dbMain class.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Invision IP.Board <= 3.3.4

No auth needed

Prerequisites: Target must be running Invision IP.Board <= 3.3.4 · Web server must have write permissions to the cache directory

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by EgiX · phpwebappsphp

https://www.exploit-db.com/exploits/22398

View Code ZIP pw:eip

This exploit leverages a PHP object injection vulnerability in Invision Power Board <= 3.3.4 via insecure unserialize() usage in cookie handling. It achieves remote code execution by injecting malicious serialized data into the 'member_id' cookie, which triggers the __destruct() method of the 'db_driver_mysql' class to write a PHP shell.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Invision Power Board <= 3.3.4

No auth needed

Prerequisites: short_open_tag enabled · ability to set cookies · network access to target

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by webDEViL · phpwebappsphp

https://www.exploit-db.com/exploits/22547

View Code ZIP pw:eip

This exploit leverages a PHP object injection vulnerability in Invision Power Board via unsafe unserialize() usage in cookie handling. It bypasses a patch by using a crafted serialized payload to write arbitrary PHP code to a file, achieving remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Invision Power Board <= 3.3.4

No auth needed

Prerequisites: short_open_tag enabled in PHP configuration · ability to set cookies

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by EgiX, juan vazquez, sinn3r · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a PHP unserialize() vulnerability in Invision IP.Board <= 3.3.4, allowing unauthenticated remote code execution via a crafted cookie. It leverages the __destruct() method of the db_driver_mysql class to write arbitrary PHP code to a file in the web directory.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Invision IP.Board <= 3.3.4

No auth needed

Prerequisites: Target must be running Invision IP.Board <= 3.3.4 · Web server must have write permissions to the cache directory

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_confirm

http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/51104

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/56288

Scores

EPSS 0.2490

EPSS Percentile 97.6%

Details

Status published

Products (9)

invisioncommunity/invision_power_board 3.1.2

invisioncommunity/invision_power_board 3.3.0

invisionpower/invision_power_board 3.1.0

invisionpower/invision_power_board 3.1.1

invisionpower/invision_power_board 3.1.3

invisionpower/invision_power_board 3.1.4

invisionpower/invision_power_board 3.2.0

invisionpower/invision_power_board 3.2.1

invisionpower/invision_power_board 3.2.2

Published Oct 31, 2012

Tracked Since Feb 18, 2026