CVE-2004-1785

Name of the Vulnerable Software and Affected Versions Invision Power Board version 1.3

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting a SQL injection vulnerability in the calendar.php file, specifically through the m parameter, which sets the $this->chosen month variable.

Recommendations For Invision Power Board version 1.3, consider restricting access to the calendar.php file or the m parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the m parameter in the calendar.php file.