Invision · Invision Power Board · CVE-2005-1598
**Name of the Vulnerable Software and Affected Versions**
Invision Power Board versions 2.0.3 and earlier
**Description**
The issue allows remote attackers to execute arbitrary SQL commands by modifying the internal `$pid` variable via a crafted cookie password hash (`pass hash`).
**Recommendations**
For versions 2.0.3 and earlier, update to a version later than 2.0.3 to resolve the issue.