Vulnerability Description
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invisioncommunity | Invision Power Board | 3.3.0 |
| Invisionpower | Invision Power Board | 3.4.7 |
Related Weaknesses (CWE)
References
- http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/ (Exploit, Patch)
- http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-upd (Patch)
- http://seclists.org/fulldisclosure/2014/Nov/20
FAQ
What is CVE-2014-9239?
CVE-2014-9239 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote a...
How severe is CVE-2014-9239?
CVE-2014-9239 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9239?
Check the references section above for vendor advisories and patch information. Affected products include: Invisioncommunity Invision Power Board, Invisionpower Invision Power Board.