CVE-2006-5203
published 2006-10-10CVE-2006-5203: Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands…
PriorityP422medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EPSS
0.87%
54.3th percentile
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| invision_power_services | invision_power_board | <= 2.1.7 | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Invision Power Services IP.Board up to 2.1.7 Control Panel cross site scripting (XFDB-29352)
vuldb·2026-04-23·CVSS 5.1
CVE-2006-5203 [MEDIUM] Invision Power Services IP.Board up to 2.1.7 Control Panel cross site scripting (XFDB-29352)
A vulnerability labeled as problematic has been found in Invision Power Services IP.Board up to 2.1.7. Affected is an unknown function of the component Control Panel. The manipulation results in basic cross site scripting.
This vulnerability was named CVE-2006-5203. The attack may be performed from remote. There is no available exploit.
GHSA
GHSA-2cvm-gqf6-2jwg: Invision Power Board (IPB) 2
ghsa_unreviewed·2022-05-01
CVE-2006-5203 [MEDIUM] GHSA-2cvm-gqf6-2jwg: Invision Power Board (IPB) 2
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2006-10-10
Published