CVE-2006-0909 (CNNVD-200602-428)
Chinese title:
Invision Power Board multiple PHP scripts sensitive information disclosure vulnerability
English title:
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information v...
Vulnerability description
Chinese description (translated):
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via direct requests to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, and (21) usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, and (29) post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory.
English description:
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, and (21) usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, and (29) post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory.
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| invision_power_services | invision_power_board | 2.0.0 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.0.1 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.0.2 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.0.3 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.0.4 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.1.0 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.1.1 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.1.2 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.1.3 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.1.4 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.1_beta2 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.1_beta3 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.1_beta4 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.1_beta5 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:*:*:*:*:*:*:* |
| invision_power_services | invision_power_board | 2.1_rc1 | - | - | cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:*:*:*:*:*:*:* |
CVSS score details
AV:N/AC:L/Au:N/C:P/I:N/A:N
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2006-0909 | 2025-11-11 15:17:40 | 2025-11-11 07:32:32 |
| NVD | nvd_CVE-2006-0909 | 2025-11-11 14:51:48 | 2025-11-11 07:41:17 |
| CNNVD | cnnvd_CNNVD-200602-428 | 2025-11-11 15:08:50 | 2025-11-11 07:49:05 |
Change history
View detailed changes
- vulnerability_type: not extracted -> authorization issue
- cnnvd_id: not extracted -> CNNVD-200602-428
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
View detailed changes
- cvss_score: not extracted -> 5.0
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:P/I:N/A:N
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 15
- data_sources: ['cve'] -> ['cve', 'nvd']