PT-2006-3077 · Invision · Invision Power Board

Satanchild123

Published

2006-04-29

Updated

2018-10-18

CVE-2006-2097

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Invision Power Board (IPB) version 2.1.4

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the from contact field in a private message (PM) within the func msg.php file.

Recommendations For Invision Power Board (IPB) version 2.1.4, update to a version that fixes this issue to prevent exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2097

Affected Products

Invision Power Board

PT-2006-3077 · Invision · Invision Power Board

CVE-2006-2097

Related Identifiers

Affected Products

References · 9