CVE-2006-5203

Name of the Vulnerable Software and Affected Versions Invision Power Board (IPB) versions 2.1.7 and earlier

Description The issue allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands. This can be achieved by creating a forum description that contains a crafted image with PHP code. The PHP code is executed when the user visits the "Manage Forums" link in the Admin control panel.

Recommendations For Invision Power Board (IPB) versions 2.1.7 and earlier, consider restricting access to the Admin control panel's "Manage Forums" link until a fix is available. As a temporary workaround, avoid using crafted images in forum descriptions to minimize the risk of exploitation.