2.1.4

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

invision-power-services

NVD

Published: 2006-03-19

Updated: 2017-07-20

Summary

Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php.

Vulnerable Configurations

Part	Description	Count
Application	Invision_Power_Services Invision Power Services Invision Power Board 2.0.4 Invision Power Services Invision Power Board 2.1.4	2

References

http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642
http://forums.invisionpower.com/index.php?showtopic=204627
http://secunia.com/advisories/19141
http://www.vupen.com/english/advisories/2006/0861
https://exchange.xforce.ibmcloud.com/vulnerabilities/25100