SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Invision_board | Invision_power_services | 2.0_pdr3 | 2.0_pdr3 |
Invision_board | Invision_power_services | 1.3 | 1.3 |
Invision_board | Invision_power_services | 1.1.1 | 1.1.1 |
Invision_board | Invision_power_services | 1.2 | 1.2 |
Invision_board | Invision_power_services | 1.0 | 1.0 |
Invision_power_board | Invision_power_services | 2.0.3 | 2.0.3 |
Invision_board | Invision_power_services | 2.0_alpha_3 | 2.0_alpha_3 |
Invision_board | Invision_power_services | 1.1.2 | 1.1.2 |
Invision_board | Invision_power_services | 1.0.1 | 1.0.1 |