CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-1288

Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.9%

CVSS Severity

CVSS v2 Score 7.5

References

http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642
http://forums.invisionpower.com/index.php?showtopic=204627
http://secunia.com/advisories/19141
http://www.vupen.com/english/advisories/2006/0861
https://exchange.xforce.ibmcloud.com/vulnerabilities/25100
http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642
http://forums.invisionpower.com/index.php?showtopic=204627
http://secunia.com/advisories/19141
http://www.vupen.com/english/advisories/2006/0861
https://exchange.xforce.ibmcloud.com/vulnerabilities/25100

Products affected by CVE-2006-1288

Invision Power Services » Invision Power Board » Version: 2.0.4

cpe:2.3:a:invision_power_services:invision_power_board:2.0.4
Invision Power Services » Invision Power Board » Version: 2.1.4

cpe:2.3:a:invision_power_services:invision_power_board:2.1.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-1288

Products

Pricing

Contact Us