Invision Power · Invision Power Board · CVE-2014-9239
**Name of the Vulnerable Software and Affected Versions**
Invision Power Board versions 3.3.x through 3.4.7
**Description**
An SQL injection vulnerability in the IPS Connect service, at the `interface/ipsconnect/ipsconnect.php` endpoint, allows remote attackers to execute arbitrary SQL commands via the `id[]` parameter.
**Recommendations**
For versions 3.3.x through 3.4.7, update to a version released after 20141114 to resolve the issue.
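
To check whether an installation received requests to the affected endpoint before it was updated, the following added example (not part of the advisory or of the vendor's code) triages web-server access logs for requests to `interface/ipsconnect/ipsconnect.php` and for an `id[...]` parameter in the query string. It assumes Common/Combined Log Format; the function names and finding labels are hypothetical, and because the advisory does not say how the parameter is sent, POST requests are flagged separately since their bodies are not recorded in access logs.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/interface/ipsconnect/ipsconnect.php"  # path named in the advisory
# Common/Combined Log Format: client, two ids, [time], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

def triage(line):
    """Classify one access-log line; returns (client, finding) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, target, _status = m.groups()
    url = urlsplit(target)
    # The board may live in a subdirectory, so match on the path suffix.
    if not unquote(url.path).lower().endswith(ENDPOINT):
        return None
    # parse_qsl percent-decodes names, so id%5B%5D and id[] both yield "id[]".
    names = [k.lower() for k, _ in parse_qsl(url.query, keep_blank_values=True)]
    if any(n.startswith("id[") for n in names):
        return client, "array-id-in-query"
    if method == "POST":
        # Request bodies are not in access logs; check WAF or application logs.
        return client, "post-body-not-logged"
    return client, "endpoint-hit"

def summarize(lines):
    """Group findings per client address, in log order."""
    report = defaultdict(list)
    for line in lines:
        hit = triage(line)
        if hit:
            report[hit[0]].append(hit[1])
    return dict(report)

# Constructed sample lines (documentation addresses, harmless parameter values).
SAMPLE = [
    '192.0.2.10 - - [15/Nov/2014:10:01:02 +0000] "GET /forum/index.php?showtopic=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Nov/2014:10:02:11 +0000] "GET /forum/interface/ipsconnect/ipsconnect.php?id%5B%5D=1 HTTP/1.1" 200 312',
    '198.51.100.7 - - [15/Nov/2014:10:02:15 +0000] "POST /forum/interface/ipsconnect/ipsconnect.php HTTP/1.1" 200 298',
    '203.0.113.4 - - [15/Nov/2014:10:05:40 +0000] "GET /interface/ipsconnect/ipsconnect.php?id[]=1 HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for client, findings in summarize(SAMPLE).items():
        print(client, findings)
```

A finding here is a reason to review the request, not proof of exploitation; sites that do not use IPS Connect should see no traffic to this endpoint at all.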