Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-2061
Last Modified: 07 Mar 2011 09:35:05
Published: 26 Apr 2006 04:06:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-2061

Summary

SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.

Vulnerable Systems

Application

  • Invision Power Services Invision Board 2.0

  • Invision Power Services Invision Board 2.0 Alpha 3

  • Invision Power Services Invision Board 2.0 Pdr3

  • Invision Power Services Invision Board 2.0 Pf1

  • Invision Power Services Invision Board 2.0 Pf2

  • Invision Power Services Invision Board 2.0.1

  • Invision Power Services Invision Board 2.0.2

  • Invision Power Services Invision Board 2.0.3

  • Invision Power Services Invision Board 2.0.4

  • Invision Power Services Invision Board 2.1

  • Invision Power Services Invision Board 2.1 Alpha2

  • Invision Power Services Invision Board 2.1.5

  • Invision Power Services Invision Power Board 2.1.5 2006-03-08


References

BID - 17690

VUPEN - ADV-2006-1534

BUGTRAQ - 20060425 Invision Vulnerabilities, including remote code execution

CONFIRM - http://forums.invisionpower.com/index.php?showtopic=213374

XF - invision-index-ck-sql-injection(26071)

BUGTRAQ - 20060427 Re: Invision Vulnerabilities, including remote code execution

SREASON - 796

SECUNIA - 19830


Last Updated: 27 May 2016 10:42:19