CVE-2004-1531

Invision Power Services Invision Board - SQL Injection

Title source: rule

Description

SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RusH · perlwebappsphp

https://www.exploit-db.com/exploits/648

View Code ZIP pw:eip

References (7)

[Patch] http://forums.invisionpower.com/index.php?showtopic=154916

[Mailing List] http://marc.info/?l=bugtraq&m=111462421824202&w=2

[Exploit] http://www.securityfocus.com/bid/11703

[Mailing List] http://marc.info/?l=bugtraq&m=111454805209191&w=2

[Patch] http://secunia.com/advisories/13245

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18164

[Mailing List] http://marc.info/?l=bugtraq&m=110079592702417&w=2

Scores

EPSS 0.0109

EPSS Percentile 78.0%

Details

Status published

Products (3)

invision_power_services/invision_board 2.0

invision_power_services/invision_board 2.0.1

invision_power_services/invision_board 2.0.2

Published Dec 31, 2004

Tracked Since Feb 18, 2026