Shodan
Vulnerabilities
Vulnerable Software
Invision Power Services:  Security Vulnerabilities
CVE-2005-1946
Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action.
CVSS Score
7.5
EPSS Score
0.006
Published
2005-06-09
CVE-2005-1948
Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.
CVSS Score
7.5
EPSS Score
0.004
Published
2005-06-09
CVE-2005-1816
Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-06-01
CVE-2005-1817
Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters.
CVSS Score
5.0
EPSS Score
0.03
Published
2005-06-01
CVE-2005-1597
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
CVSS Score
4.3
EPSS Score
0.009
Published
2005-05-16
CVE-2005-1598
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
CVSS Score
7.5
EPSS Score
0.078
Published
2005-05-16
CVE-2005-1443
Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters.
CVSS Score
6.8
EPSS Score
0.01
Published
2005-05-03
CVE-2005-0217
SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2005-05-02
CVE-2005-0886
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request.
CVSS Score
4.3
EPSS Score
0.005
Published
2005-05-02
CVE-2005-1070
SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2005-04-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved