Vulnerability Description
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invision Power Services | Invision Board | 2.0 |
| Invision Power Services | Invision Power Board | 2.1.5_2006-03-08 |
References
- http://forums.invisionpower.com/index.php?showtopic=213374
- http://secunia.com/advisories/19830
- http://securityreason.com/securityalert/796
- http://www.securityfocus.com/archive/1/431990/100/0/threaded
- http://www.securityfocus.com/archive/1/432226/100/0/threaded
- http://www.securityfocus.com/bid/17690Patch
- http://www.vupen.com/english/advisories/2006/1534
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26071
- http://forums.invisionpower.com/index.php?showtopic=213374
- http://secunia.com/advisories/19830
- http://securityreason.com/securityalert/796
- http://www.securityfocus.com/archive/1/431990/100/0/threaded
- http://www.securityfocus.com/archive/1/432226/100/0/threaded
- http://www.securityfocus.com/bid/17690Patch
- http://www.vupen.com/english/advisories/2006/1534
FAQ
What is CVE-2006-2061?
CVE-2006-2061 is a vulnerability with a CVSS score of 5.0 (MEDIUM). SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, wh...
How severe is CVE-2006-2061?
CVE-2006-2061 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2061?
Check the references section above for vendor advisories and patch information. Affected products include: Invision Power Services Invision Board, Invision Power Services Invision Power Board.