CVE-2006-2204
5.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:N
Exploitability: 8.0 / Impact: 4.9
Source: NVD
Description
SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.
Affected (19)
Products: Invision Power Services: Invision Power Board
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.0.0 |
References (16)
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.