Vulnerability Details CVE-2004-1785
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://forums.invisionpower.com/index.php?act=ST&f=1&t=108786
- http://secunia.com/advisories/10530
- http://www.osvdb.org/3319
- http://www.securityfocus.com/archive/1/348821
- http://www.securityfocus.com/bid/9353
- http://www.securitytracker.com/id?1008589
- http://forums.invisionpower.com/index.php?act=ST&f=1&t=108786
- http://secunia.com/advisories/10530
- http://www.osvdb.org/3319
- http://www.securityfocus.com/archive/1/348821
- http://www.securityfocus.com/bid/9353
- http://www.securitytracker.com/id?1008589
Products affected by CVE-2004-1785
-
cpe:2.3:a:invision_power_services:invision_board:1.0
-
cpe:2.3:a:invision_power_services:invision_board:1.0.1
-
cpe:2.3:a:invision_power_services:invision_board:1.1.1
-
cpe:2.3:a:invision_power_services:invision_board:1.1.2
-
cpe:2.3:a:invision_power_services:invision_board:1.2
-
cpe:2.3:a:invision_power_services:invision_board:1.3