VYPR

IPB

by Invision Power Services

CVEs (8)

  • CVE-2014-4928HigMar 20, 2018
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.

  • CVE-2013-3725Feb 12, 2020
    risk 0.00cvss epss 0.02

    Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.

  • CVE-2008-4171Sep 22, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.

  • CVE-2008-1359Mar 17, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.

  • CVE-2007-4913Sep 17, 2007
    risk 0.00cvss epss 0.01

    ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are…

  • CVE-2007-4912Sep 17, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other…

  • CVE-2007-4914Sep 17, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1)…

  • CVE-2006-2498May 20, 2006
    risk 0.00cvss epss 0.02

    Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.