CVE-2004-1785

Published: Jan 3, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.

Affected (6)

Products: Invision Power Services: Invision Board

Invision Power Services

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Invision Power Services Invision Board	Version 1.0.1
Invision Power Services Invision Board	Version 1.0
Invision Power Services Invision Board	Version 1.1.1
Invision Power Services Invision Board	Version 1.1.2
Invision Power Services Invision Board	Version 1.2
Invision Power Services Invision Board	Version 1.3

References (12)

http://forums.invisionpower.com/index.php?act=ST&f=1&t=108786

Source: cve@mitre.org

http://secunia.com/advisories/10530

Source: cve@mitre.org

PatchVendor Advisory

http://www.osvdb.org/3319

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/archive/1/348821

Source: cve@mitre.org

ExploitVendor Advisory

http://www.securityfocus.com/bid/9353

Source: cve@mitre.org

PatchVendor Advisory

http://www.securitytracker.com/id?1008589

Source: cve@mitre.org

http://forums.invisionpower.com/index.php?act=ST&f=1&t=108786

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/10530

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.osvdb.org/3319

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/archive/1/348821

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.securityfocus.com/bid/9353

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securitytracker.com/id?1008589

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.