CVE Vulnerabilities

CVE-2006-3544

Published: Jul 13, 2006 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run.

Affected Software

Name Vendor Start Version End Version
Invision_board Invision_power_services 1.3.1_final 1.3.1_final
Invision_board Invision_power_services 1.3_final 1.3_final

References