CVE-2006-1288

Published: Mar 19, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php.

Affected (2)

Products: Invision Power Services: Invision Power Board

Invision Power Services

1 product

Invision Power Board

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Invision Power Services Invision Power Board	Version 2.0.4
Invision Power Services Invision Power Board	Version 2.1.4

References (10)

http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642

Source: cve@mitre.org

Patch

http://forums.invisionpower.com/index.php?showtopic=204627

Source: cve@mitre.org

Patch

http://secunia.com/advisories/19141

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/0861

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/25100

Source: cve@mitre.org

http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://forums.invisionpower.com/index.php?showtopic=204627

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://secunia.com/advisories/19141

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/0861

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/25100

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.