Vulnerabilities > Invision Power Services > Invision Board > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-16 | CVE-2005-1598 | SQL Injection vulnerability in Invision Power Board Login.PHP SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. | 7.5 |
| 2005-04-11 | CVE-2005-1070 | SQL Injection vulnerability in Invision Power Board ST Parameter SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1531 | SQL Injection vulnerability in Invision Power Board Index.PHP Post Action SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter. | 7.5 |
| 2004-01-03 | CVE-2004-1785 | SQL Injection vulnerability in Invision Power Board Calendar.PHP SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable. | 7.5 |