Description
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.
Exploits (1)
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26071
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/432226/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/796
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17690
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19830
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1534
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/431990/100/0/threaded
Various Sources x_refsource_confirm
http://forums.invisionpower.com/index.php?showtopic=213374
Scores
EPSS
0.0223
EPSS Percentile
84.7%
Details
Status
published
Products (13)
invision_power_services/invision_board
2.0
invision_power_services/invision_board
2.0.1
invision_power_services/invision_board
2.0.2
invision_power_services/invision_board
2.0.3
invision_power_services/invision_board
2.0.4
invision_power_services/invision_board
2.0_alpha_3
invision_power_services/invision_board
2.0_pdr3
invision_power_services/invision_board
2.0_pf1
invision_power_services/invision_board
2.0_pf2
invision_power_services/invision_board
2.1
... and 3 more
Published
Apr 26, 2006
Tracked Since
Feb 18, 2026