CVE-2006-3544

Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:invision_power_services:invision_board:1.3.1_final:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_board:1.3_final:*:*:*:*:*:*:*

History

21 Nov 2024, 00:13

Type Values Removed Values Added
References () http://securityreason.com/securityalert/1225 - () http://securityreason.com/securityalert/1225 -
References () http://www.osvdb.org/30084 - () http://www.osvdb.org/30084 -
References () http://www.securityfocus.com/archive/1/438961/100/0/threaded - () http://www.securityfocus.com/archive/1/438961/100/0/threaded -
References () http://www.securityfocus.com/archive/1/439629/100/0/threaded - () http://www.securityfocus.com/archive/1/439629/100/0/threaded -
References () http://www.securityfocus.com/bid/18782 - Exploit () http://www.securityfocus.com/bid/18782 - Exploit
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/27555 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/27555 -

Information

Published : 2006-07-13 00:05

Updated : 2025-04-03 01:03


NVD link : CVE-2006-3544

Mitre link : CVE-2006-3544

CVE.ORG link : CVE-2006-3544


JSON object : View

Products Affected

invision_power_services

  • invision_board