Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-1288
Last Modified 07 Mar 2011 09:32:42
Published 19 Mar 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1288

Summary

Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php.

Vulnerable Systems

Application

  • Invision Power Services Invision Power Board 2.0.4

  • Invision Power Services Invision Power Board 2.1.4


References

CONFIRM - http://forums.invisionpower.com/index.php?showtopic=204627

CONFIRM - http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642

VUPEN - ADV-2006-0861

XF - invision-multiple-sql-injection(25100)

SECUNIA - 19141


Last Updated: 27 May 2016 10:42:00