PT-2006-2104 · Invision · Invision Power Board

Published

2006-03-09

Updated

2018-10-18

CVE-2006-1076

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Invision Power Board (IPB) version 2.1.5

Description The issue allows remote attackers to execute arbitrary SQL commands. This is possibly related to a showtopic operation in the index.php file, where the st parameter is vulnerable.

Recommendations For Invision Power Board (IPB) version 2.1.5, consider restricting access to the index.php file or the showtopic operation until a fix is available. As a temporary workaround, avoid using the st parameter in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1076

Affected Products

Invision Power Board

PT-2006-2104 · Invision · Invision Power Board

CVE-2006-1076

Related Identifiers

Affected Products

References · 7