CVE-2006-2204
published 2006-05-05CVE-2006-2204: SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote…
PriorityP425medium5.5CVSS 2.0
AVNACLAuSCPIPAN
EPSS
1.11%
61.8th percentile
SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpohttp://secunia.com/advisories/19901http://securityreason.com/securityalert/551http://www.securityfocus.com/archive/1/432591/100/0/threadedhttp://www.securityfocus.com/archive/1/432948/30/0/threadedhttp://www.securityfocus.com/bid/17837http://www.vupen.com/english/advisories/2006/1605https://exchange.xforce.ibmcloud.com/vulnerabilities/26190http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpohttp://secunia.com/advisories/19901http://securityreason.com/securityalert/551http://www.securityfocus.com/archive/1/432591/100/0/threadedhttp://www.securityfocus.com/archive/1/432948/30/0/threadedhttp://www.securityfocus.com/bid/17837http://www.vupen.com/english/advisories/2006/1605https://exchange.xforce.ibmcloud.com/vulnerabilities/26190
2006-05-05
Published