Vulnerabilities > CVE-2004-1785 - Unspecified vulnerability in Invision Power Services Invision Board

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

invision-power-services

NVD

Published: 2004-01-03

Updated: 2024-11-20

Summary

SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.

Vulnerable Configurations

Part	Description	Count
Application	Invision_Power_Services Invision Power Services Invision Board 1.3 Invision Power Services Invision Board 1.1.1 Invision Power Services Invision Board 1.2 Invision Power Services Invision Board 1.0 Invision Power Services Invision Board 1.1.2 Invision Power Services Invision Board 1.0.1	6

References

http://forums.invisionpower.com/index.php?act=ST&f=1&t=108786
http://forums.invisionpower.com/index.php?act=ST&f=1&t=108786
http://secunia.com/advisories/10530
http://secunia.com/advisories/10530
http://www.osvdb.org/3319
http://www.osvdb.org/3319
http://www.securityfocus.com/archive/1/348821
http://www.securityfocus.com/archive/1/348821
http://www.securityfocus.com/bid/9353
http://www.securityfocus.com/bid/9353
http://www.securitytracker.com/id?1008589
http://www.securitytracker.com/id?1008589