Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Invision_power_board
(Invisioncommunity)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 19 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-03-20 | CVE-2014-4928 | SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter. | Invision_power_board | 8.8 | ||
2014-07-03 | CVE-2014-3149 | Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Invision_power_board, Ip\.nexus | N/A | ||
2012-10-31 | CVE-2012-5692 | Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors. | Invision_power_board, Invision_power_board | N/A | ||
2010-09-16 | CVE-2010-3424 | Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Invision_power_board | N/A | ||
2009-11-18 | CVE-2009-3974 | Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number. | Invision_power_board | N/A | ||
2020-03-13 | CVE-2009-5159 | Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | Invision_power_board, Internet_explorer | N/A | ||
2020-02-12 | CVE-2013-3725 | Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. | Invision_power_board | N/A | ||
2020-01-09 | CVE-2012-2226 | Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. | Invision_power_board | N/A | ||
2019-03-02 | CVE-2019-8278 | Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. | Invision_power_board | 6.1 |