SSD Advisory – IP.Board ‘nexus’ RCE and Blind SQLi

Summary

IP.Board e-commerce plugin ‘nexus’ contains two security vulnerabilities that when combined can be used to trigger a pre-auth RCE in AdminCP.

Credit

An independent security researcher, Egidio Romano from Karma(In)Security, working with SSD Secure Disclosure.

Vendor Response

The vendor has released a new version of IP.Board with appropriate fixes: https://invisioncommunity.com/release-notes/4716-r128/

Affected Versions

IP.Board version …
