Invision Power Services » Invision Power Board » 2.1_beta5 : Security Vulnerabilities, CVEs, Published In 2006 (Sql injection)
SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.
Max CVSS
5.5
EPSS Score
0.54%
Published
2006-05-05
Updated
2018-10-18
SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).
Max CVSS
7.5
EPSS Score
1.12%
Published
2006-04-29
Updated
2018-10-18
2 vulnerabilities found