CVE-2005-1070

Description

SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter.

Affected products

• invision_power_services / invision_board1.0 – 1.0
• invision_power_services / invision_board1.0.1 – 1.0.1
• invision_power_services / invision_board1.1.1 – 1.1.1
• invision_power_services / invision_board1.1.2 – 1.1.2
• invision_power_services / invision_board1.2 – 1.2
• invision_power_services / invision_board1.3 – 1.3
• invision_power_services / invision_board1.3.1_final – 1.3.1_final
• invision_power_services / invision_board1.3_final – 1.3_final

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/20059
• MISChttp://www.securityfocus.com/bid/13097
• MISChttp://www.securityfocus.com/archive/1/395515
• MISChttp://www.securitytracker.com/alerts/2005/Apr/1013676.html