Invision Power Board Security Vulnerabilities and Issues — Invision Power Board CVE List

Lucene search

Invision Power ServicesInvision Power Board

9 matches found

CVE•added 2006/04/26 8:6 p.m.•42 views

CVE-2006-2059

action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.

5CVSS7.5AI score0.10624EPSS

CVE•added 2006/02/28 11:2 a.m.•37 views

CVE-2006-0909

Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff...

5CVSS6.3AI score0.00408EPSS

CVE•added 2006/03/19 2:2 a.m.•34 views

CVE-2006-1267

Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request.

5.1CVSS7AI score0.00594EPSS

CVE•added 2006/04/26 8:6 p.m.•34 views

CVE-2006-2061

SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.

5CVSS8.4AI score0.01635EPSS

CVE•added 2007/04/30 10:19 p.m.•34 views

CVE-2007-2349

Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files.

5.8CVSS5.7AI score0.0035EPSS

CVE•added 2006/02/28 11:2 a.m.•33 views

CVE-2006-0910

Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ...

5CVSS6.7AI score0.00341EPSS

CVE•added 2006/03/19 11:2 p.m.•31 views

CVE-2006-1287

Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer.

5.8CVSS5.9AI score0.00295EPSS

CVE•added 2006/10/10 4:6 a.m.•31 views

CVE-2006-5203

Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the...

5.1CVSS7.9AI score0.00306EPSS

CVE•added 2006/05/05 12:46 p.m.•28 views

CVE-2006-2204

SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable ...

5.5CVSS8AI score0.00315EPSS