CVE-2007-5688
Invision Power Services Invision Power Board - SQL Injection
Title source: ruleDescription
Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by KiNgOfThEwOrLd · textwebappsphp
https://www.exploit-db.com/exploits/30712
References (5)
Core 5
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26213
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37461
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27406
Exploit x_refsource_misc
http://www.inj3ct-it.org/exploit/Multi_Host.txt
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482838/100/0/threaded
Scores
EPSS
0.0043
EPSS Percentile
62.6%
Details
CWE
CWE-89
Status
published
Products (3)
invision_power_services/invision_power_board
phpbb/phpbb
sebflipper/multi-forums_module
1.3.3
Published
Oct 29, 2007
Tracked Since
Feb 18, 2026