[email protected]CVE-2004-1785

HistoryJan 03, 2004 - 5:00 a.m.

CVE-2004-1785

2004-01-0305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

calendar.php

invision power board 1.3

security vulnerability

nvd

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.2%

JSON

SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.

CPENameOperatorVersion
invision_power_services:invision_boardinvision power services invision boardeq1.3
invision_power_services:invision_boardinvision power services invision boardeq1.1.1
invision_power_services:invision_boardinvision power services invision boardeq1.2
invision_power_services:invision_boardinvision power services invision boardeq1.0
invision_power_services:invision_boardinvision power services invision boardeq1.1.2
invision_power_services:invision_boardinvision power services invision boardeq1.0.1

CPE	Name	Operator	Version
invision_power_services:invision_board	invision power services invision board	eq	1.3
invision_power_services:invision_board	invision power services invision board	eq	1.1.1
invision_power_services:invision_board	invision power services invision board	eq	1.2
invision_power_services:invision_board	invision power services invision board	eq	1.0
invision_power_services:invision_board	invision power services invision board	eq	1.1.2
invision_power_services:invision_board	invision power services invision board	eq	1.0.1

References

forums.invisionpower.com/index.php?act=ST&f=1&t=108786

secunia.com/advisories/10530

www.osvdb.org/3319

www.securityfocus.com/archive/1/348821

www.securityfocus.com/bid/9353

www.securitytracker.com/id?1008589

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.2%

JSON

Related for CVE-2004-1785

openvas1 cvelist1