CVE-2006-3544

Name of the Vulnerable Software and Affected Versions Invision Power Board version 1.3 Final

Description The issue concerns SQL injection vulnerabilities that could allow remote attackers to execute arbitrary SQL commands. This is allegedly possible via the CODE parameter in certain actions in index.php, including Stats, Mail, and Reg. However, the developer has disputed this, stating that the CODE parameter does not interact with the database and is used in a SWITCH statement to determine which function to run.

Recommendations For Invision Power Board version 1.3 Final, consider restricting access to the CODE parameter in the affected API endpoints, such as "/index.php" with actions Stats, Mail, and Reg, until the dispute is resolved or more information is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.