Vulnerabilities > Invision Power Services > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-04-11 | CVE-2005-1070 | SQL Injection vulnerability in Invision Power Board ST Parameter SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1836 | SQL Injection vulnerability in Invision Power Services Invision Power TOP Site List 1.0/1.1/1.1Rc2 SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action. | 7.5 |
| 2004-12-31 | CVE-2004-1835 | SQL Injection vulnerability in Invision Power Services Invision Gallery 1.0.1 Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters. | 7.5 |
| 2004-12-31 | CVE-2004-1531 | SQL Injection vulnerability in Invision Power Board Index.PHP Post Action SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter. | 7.5 |
| 2004-01-03 | CVE-2004-1785 | SQL Injection vulnerability in Invision Power Board Calendar.PHP SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable. | 7.5 |