CVE-2014-9239 — SQL Injection in Invision Power Board

CWE-89 — SQL Injection3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 41.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Invisioncommunity Invision Power Board Invisionpower Invision Power Board

Timeline

PublishedDec 3

Latest updateMay 13

Description

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDinvisionpower/invision_power_board3.4.7

▶NVDinvisioncommunity/invision_power_board12 versions+11

Patches

Patch: community.invisionpower.com ↗Patch: community.invisionpower.com ↗Patch: community.invisionpower.com ↗

🔴Vulnerability Details

GHSA

GHSA-ffwx-gcgv-gv97: SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect↗2022-05-13

▶

CVEList

CVE-2014-9239: SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect↗2014-12-03

▶