Lucene search

MitreCVE-2006-7071

HistoryMar 02, 2007 - 9:18 p.m.

CVE-2006-7071

2007-03-0221:18:00

mitre

web.nvd.nist.gov

cve-2006-7071

sql injection

invision power board

ipb 2.1-2.1.6

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.007

Percentile

80.1%

JSON

SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.

Affected configurations

Nvd

Node

invision_power_servicesinvision_power_boardMatch2.1.1

invision_power_servicesinvision_power_boardMatch2.1.2

invision_power_servicesinvision_power_boardMatch2.1.3

invision_power_servicesinvision_power_boardMatch2.1.4

invision_power_servicesinvision_power_boardMatch2.1.5

invision_power_servicesinvision_power_boardMatch2.1.6

VendorProductVersionCPE
invision_power_servicesinvision_power_board2.1.1cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.1.2cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.1.3cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.1.4cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.1.5cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*
invision_power_servicesinvision_power_board2.1.6cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
invision_power_services	invision_power_board	2.1.1	cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:::::::*
invision_power_services	invision_power_board	2.1.2	cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:::::::*
invision_power_services	invision_power_board	2.1.3	cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:::::::*
invision_power_services	invision_power_board	2.1.4	cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:::::::*
invision_power_services	invision_power_board	2.1.5	cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:::::::*
invision_power_services	invision_power_board	2.1.6	cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:::::::*

References

archives.neohapsis.com/archives/bugtraq/2006-07/0249.html

rst.void.ru/download/r57ipb216gui.txt

secunia.com/advisories/21072

securityreason.com/securityalert/2325

www.vupen.com/english/advisories/2006/2810

exchange.xforce.ibmcloud.com/vulnerabilities/27753

www.exploit-db.com/exploits/2010

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.007

Percentile

80.1%

JSON

Related for CVE-2006-7071