Invision · Invision Power Board · CVE-2006-2097
**Name of the Vulnerable Software and Affected Versions**
Invision Power Board (IPB) version 2.1.4
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `from contact` field in a private message (PM) within the `func msg.php` file.
**Recommendations**
For Invision Power Board (IPB) version 2.1.4, update to a version that fixes this issue to prevent exploitation.