Lucene search

[email protected]NVD:CVE-2006-1288

HistoryMar 19, 2006 - 11:02 p.m.

CVE-2006-1288

2006-03-1923:02:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

JSON

Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php.

Affected configurations

NVD

Node

invision_power_servicesinvision_power_boardMatch2.0.4

invision_power_servicesinvision_power_boardMatch2.1.4

References

forums.invisionpower.com/index.php?act=Attach&type=post&id=9642

forums.invisionpower.com/index.php?showtopic=204627

secunia.com/advisories/19141

www.vupen.com/english/advisories/2006/0861

exchange.xforce.ibmcloud.com/vulnerabilities/25100

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

JSON

Related for NVD:CVE-2006-1288

cve1 cvelist1 prion1