Back to search
CVE-2006-1288
Published: Mar 19, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://forums.invisionpower.com/index.php?showtopic=204627
x_refsource_CONFIRM
http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642
x_refsource_CONFIRM
19141
third-party-advisory
x_refsource_SECUNIA
ADV-2006-0861
vdb-entry
x_refsource_VUPEN
invision-multiple-sql-injection(25100)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now