CVE-2006-2061

EPSS 1.64%
Published 26.04.2006 20:06:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Invision Power Services ≫ Invision Board Version2.0

Invision Power Services ≫ Invision Board Version2.0.1

Invision Power Services ≫ Invision Board Version2.0.2

Invision Power Services ≫ Invision Board Version2.0.3

Invision Power Services ≫ Invision Board Version2.0.4

Invision Power Services ≫ Invision Board Version2.0_alpha_3

Invision Power Services ≫ Invision Board Version2.0_pdr3

Invision Power Services ≫ Invision Board Version2.0_pf1

Invision Power Services ≫ Invision Board Version2.0_pf2

Invision Power Services ≫ Invision Board Version2.1

Invision Power Services ≫ Invision Board Version2.1.5

Invision Power Services ≫ Invision Board Version2.1_alpha2

Invision Power Services ≫ Invision Power Board Version2.1.5_2006-03-08

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.64%	0.811

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

http://forums.invisionpower.com/index.php?showtopic=213374

http://secunia.com/advisories/19830

http://securityreason.com/securityalert/796

http://www.securityfocus.com/archive/1/431990/100/0/threaded

http://www.securityfocus.com/archive/1/432226/100/0/threaded

http://www.vupen.com/english/advisories/2006/1534

http://www.securityfocus.com/bid/17690

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/26071

https://nvd.nist.gov/vuln/detail/CVE-2006-2061

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2061

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2061

EUVD