IPB
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4928 | Hig | 0.57 | 8.8 | 0.01 | Mar 20, 2018 | SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter. | ||
| CVE-2013-3725 | 0.00 | — | 0.02 | Feb 12, 2020 | Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. | |||
| CVE-2008-4171 | 0.00 | — | 0.01 | Sep 22, 2008 | SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||
| CVE-2008-1359 | 0.00 | — | 0.01 | Mar 17, 2008 | Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913. | |||
| CVE-2007-4913 | 0.00 | — | 0.01 | Sep 17, 2007 | ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are… | |||
| CVE-2007-4912 | 0.00 | — | 0.01 | Sep 17, 2007 | Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other… | |||
| CVE-2007-4914 | 0.00 | — | 0.01 | Sep 17, 2007 | Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1)… | |||
| CVE-2006-2498 | 0.00 | — | 0.02 | May 20, 2006 | Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. |
- risk 0.57cvss 8.8epss 0.01
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.
- CVE-2013-3725Feb 12, 2020risk 0.00cvss —epss 0.02
Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.
- CVE-2008-4171Sep 22, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.
- CVE-2008-1359Mar 17, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.
- CVE-2007-4913Sep 17, 2007risk 0.00cvss —epss 0.01
ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are…
- CVE-2007-4912Sep 17, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other…
- CVE-2007-4914Sep 17, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1)…
- CVE-2006-2498May 20, 2006risk 0.00cvss —epss 0.02
Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.