Invision Power Board@* Security Vulnerabilities and Issues — Invision Power Board@* CVE List

Lucene search

InvisioncommunityInvision Power Board*

5 matches found

CVE•added 2020/01/09 9:15 p.m.•53 views

CVE-2012-2226

Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.

9.8CVSS9.4AI score0.13027EPSS

CVE•added 2018/03/20 9:29 p.m.•53 views

CVE-2014-4928

SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.

8.8CVSS9.2AI score0.0039EPSS

CVE•added 2021/08/17 11:15 p.m.•42 views

CVE-2021-39249

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.

6.1CVSS6AI score0.00337EPSS

CVE•added 2021/08/17 11:15 p.m.•40 views

CVE-2021-39250

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...

5.4CVSS5.5AI score0.00455EPSS

CVE•added 2020/02/12 7:15 p.m.•39 views

CVE-2013-3725

Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.

9.8CVSS9.5AI score0.00884EPSS