Vulnerabilities > CVE-2006-2061 - SQL Injection vulnerability in Invision Power Board Index.PHP CK Parameter
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters. The vendor has released an update to address this and other versions.
Vulnerable Configurations
Exploit-Db
description | Invision Power Board 2.0/2.1 Index.PHP CK Parameter SQL Injection Vulnerability. CVE-2006-2061. Webapps exploit for php platform |
id | EDB-ID:27736 |
last seen | 2016-02-03 |
modified | 2006-05-25 |
published | 2006-05-25 |
reporter | IceShaman |
source | https://www.exploit-db.com/download/27736/ |
title | Invision Power Board 2.0/2.1 Index.PHP CK Parameter SQL Injection Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | INVISION_POWER_BOARD_250406.NASL |
description | The installation of Invision Power Board on the remote host fails to sanitize input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21307 |
published | 2006-05-03 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21307 |
title | Invision Power Board 2.x.x < 04-25-06 Multiple Vulnerabilities |
code |
|
References
- http://forums.invisionpower.com/index.php?showtopic=213374
- http://secunia.com/advisories/19830
- http://securityreason.com/securityalert/796
- http://www.securityfocus.com/archive/1/431990/100/0/threaded
- http://www.securityfocus.com/archive/1/432226/100/0/threaded
- http://www.securityfocus.com/bid/17690
- http://www.vupen.com/english/advisories/2006/1534
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26071