Invision Power Board Security Vulnerabilities and Issues — Invision Power Board CVE List

Lucene search

Invision Power ServicesInvision Power Board

4 matches found

CVE•added 2006/04/26 8:6 p.m.•42 views

CVE-2006-2059

action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.

5CVSS7.5AI score0.10624EPSS

CVE•added 2006/04/29 10:2 a.m.•40 views

CVE-2006-2097

SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).

7.5CVSS8.3AI score0.00698EPSS

CVE•added 2006/04/26 8:6 p.m.•34 views

CVE-2006-2061

SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.

5CVSS8.4AI score0.01635EPSS

CVE•added 2006/04/26 8:6 p.m.•30 views

CVE-2006-2060

Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%0...

6.4CVSS6.8AI score0.02256EPSS