Lucene search

MitreCVE-2006-2204

HistoryMay 05, 2006 - 12:46 p.m.

CVE-2006-2204

2006-05-0512:46:00

mitre

web.nvd.nist.gov

cve-2006-2204

sql injection

invision power board

topic deletion

remote code execution

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

48.9%

JSON

SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.

Affected configurations

Nvd

Node

invision_power_servicesinvision_power_boardMatch2.0.0

invision_power_servicesinvision_power_boardMatch2.0.1

invision_power_servicesinvision_power_boardMatch2.0.2

invision_power_servicesinvision_power_boardMatch2.0.3

invision_power_servicesinvision_power_boardMatch2.0.4

invision_power_servicesinvision_power_boardMatch2.0.x

invision_power_servicesinvision_power_boardMatch2.1

invision_power_servicesinvision_power_boardMatch2.1.0

invision_power_servicesinvision_power_boardMatch2.1.1

invision_power_servicesinvision_power_boardMatch2.1.2

invision_power_servicesinvision_power_boardMatch2.1.3

invision_power_servicesinvision_power_boardMatch2.1.4

invision_power_servicesinvision_power_boardMatch2.1.5

invision_power_servicesinvision_power_boardMatch2.1_alpha2

invision_power_servicesinvision_power_boardMatch2.1_beta2

invision_power_servicesinvision_power_boardMatch2.1_beta3

invision_power_servicesinvision_power_boardMatch2.1_beta4

invision_power_servicesinvision_power_boardMatch2.1_beta5

invision_power_servicesinvision_power_boardMatch2.1_rc1

VendorProductVersionCPE
invision_power_servicesinvision_power_board2.0.0cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.0.1cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.0.2cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.0.3cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.0.4cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.0.xcpe:2.3:a:invision_power_services:invision_power_board:2.0.x:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.1cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.1.0cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.1.1cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.1.2cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
invision_power_services	invision_power_board	2.0.0	cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:::::::*
invision_power_services	invision_power_board	2.0.1	cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:::::::*
invision_power_services	invision_power_board	2.0.2	cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:::::::*
invision_power_services	invision_power_board	2.0.3	cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:::::::*
invision_power_services	invision_power_board	2.0.4	cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:::::::*
invision_power_services	invision_power_board	2.0.x	cpe:2.3:a:invision_power_services:invision_power_board:2.0.x:::::::*
invision_power_services	invision_power_board	2.1	cpe:2.3:a:invision_power_services:invision_power_board:2.1:::::::*
invision_power_services	invision_power_board	2.1.0	cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:::::::*
invision_power_services	invision_power_board	2.1.1	cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:::::::*
invision_power_services	invision_power_board	2.1.2	cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:::::::*

Rows per page:

1-10 of 191

References

forums.invisionpower.com/index.php?showtopic=214248&view=getnewpo

secunia.com/advisories/19901

securityreason.com/securityalert/551

www.securityfocus.com/archive/1/432591/100/0/threaded

www.securityfocus.com/archive/1/432948/30/0/threaded

www.securityfocus.com/bid/17837

www.vupen.com/english/advisories/2006/1605

exchange.xforce.ibmcloud.com/vulnerabilities/26190

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

48.9%

JSON

Related for CVE-2006-2204