CVE-2006-2204

Name of the Vulnerable Software and Affected Versions Invision Power Board version 2.1.5

Description The issue concerns a SQL injection vulnerability in the topic deletion functionality, specifically in the post delete function located in func mod.php. This vulnerability allows remote authenticated moderators to execute arbitrary SQL commands. The vulnerability is exploited via the selectedpids parameter, which can bypass an integer value check when the $id variable is an array.

Recommendations For Invision Power Board version 2.1.5, consider disabling the post delete function in func mod.php as a temporary workaround until a patch is available. Restrict access to the selectedpids parameter in the topic deletion functionality to minimize the risk of exploitation.