Invision_power_board - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Invision_power_board
(Invisioncommunity)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	19

Date	Id	Summary	Products	Score	Patch	Annotated
2018-03-20	CVE-2014-4928	SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.	Invision_power_board	8.8
2014-07-03	CVE-2014-3149	Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	Invision_power_board, Ip\.nexus	N/A
2012-10-31	CVE-2012-5692	Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.	Invision_power_board, Invision_power_board	N/A
2010-09-16	CVE-2010-3424	Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	Invision_power_board	N/A
2009-11-18	CVE-2009-3974	Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number.	Invision_power_board	N/A
2020-03-13	CVE-2009-5159	Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.	Invision_power_board, Internet_explorer	N/A
2020-02-12	CVE-2013-3725	Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.	Invision_power_board	N/A
2020-01-09	CVE-2012-2226	Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.	Invision_power_board	N/A
2019-03-02	CVE-2019-8278	Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.	Invision_power_board	6.1