Invision Power Services Invision Board — known CVE vulnerabilities
Every CVE whose affected-product data names Invision Power Services Invision Board, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2004-0338 — CVSS 10.0 (critical): SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st…
CVE-2005-1598 — CVSS 7.5 (high): SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a…
CVE-2005-1070 — CVSS 7.5 (high): SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL…
CVE-2004-1785 — CVSS 7.5 (high): SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the…
CVE-2006-3544 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via…
CVE-2004-1531 — CVSS 7.5 (high): SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL…
CVE-2004-0359 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary…
CVE-2005-3549 — CVSS 6.5 (medium): Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code…
CVE-2002-1149 — CVSS 5.0 (medium): The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive…
CVE-2003-1454 — CVSS 5.0 (medium): Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie…
CVE-2004-0355 — CVSS 5.0 (medium): Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not…
CVE-2005-1817 — CVSS 5.0 (medium): Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with…
CVE-2005-2542 — CVSS 5.0 (medium): Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically…
CVE-2006-2061 — CVSS 5.0 (medium): SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote…
CVE-2005-1816 — CVSS 4.6 (medium): Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move…
CVE-2005-3547 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2005-1597 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows…
CVE-2005-0886 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script…
CVE-2005-3548 — CVSS 4.0 (medium): Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files…