← voltar
CVE-2006-3543

CVE-2006-3543

EPSS 1.1%
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or modification of IPB
Produtos afetados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/28167não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://securityreason.com/securityalert/1231http://www.osvdb.org/30084http://www.securityfocus.com/archive/1/439145/100/0/threadedhttp://www.securityfocus.com/archive/1/439602/100/0/threadedhttp://www.securityfocus.com/bid/18836