Invision Power Board <= 3.3.4 (core.php) PHP Object Injection Vulnerability


Invision Power Board contains a flaw related to the IPSCookie::get() method defined in the admin/sources/base/core.php script. User input passed through cookies is not properly sanitized before being used in a call to the unserialize() function. With a specially crafted serialized object a remote attacker might be able to create a file containing arbitrary PHP code abusing the __destruct() method of the dbMain class.


Disclosure Date:

November 1, 2012