Vulnerabilities > CVE-2006-2097 - SQL Injection vulnerability in Invision Power Board Func_msg.PHP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).
Vulnerable Configurations
Exploit-Db
| description | Invision Power Board <= 2.1.5 (from_contact) SQL Injection Exploit. CVE-2006-2097. Webapps exploit for php platform |
| id | EDB-ID:1733 |
| last seen | 2016-01-31 |
| modified | 2006-05-01 |
| published | 2006-05-01 |
| reporter | Ykstortion Security |
| source | https://www.exploit-db.com/download/1733/ |
| title | Invision Power Board <= 2.1.5 from_contact SQL Injection Exploit |