CVE-2006-2061: SQL Injection
First published: Wed Apr 26 2006(Updated: )
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Invisioncommunity Invision Power Board | =2.1 | |
| Invisioncommunity Invision Power Board | =2.0_pdr3 | |
| Invisioncommunity Invision Power Board | =2.0.3 | |
| Invision Power Board | =2.1.5_2006-03-08 | |
| Invisioncommunity Invision Power Board | =2.0.1 | |
| Invisioncommunity Invision Power Board | =2.0_pf2 | |
| Invisioncommunity Invision Power Board | =2.0.2 | |
| Invisioncommunity Invision Power Board | =2.1_alpha2 | |
| Invisioncommunity Invision Power Board | =2.0_alpha_3 | |
| Invisioncommunity Invision Power Board | =2.1.5 | |
| Invisioncommunity Invision Power Board | =2.0 | |
| Invisioncommunity Invision Power Board | =2.0.4 | |
| Invisioncommunity Invision Power Board | =2.0_pf1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://forums.invisionpower.com/index.php?showtopic=213374
- http://www.securityfocus.com/bid/17690
- http://secunia.com/advisories/19830
- http://securityreason.com/securityalert/796
- http://www.vupen.com/english/advisories/2006/1534
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26071
- http://www.securityfocus.com/archive/1/432226/100/0/threaded
- http://www.securityfocus.com/archive/1/431990/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-2061?
The severity of CVE-2006-2061 is considered high due to the potential for remote SQL command execution.
How do I fix CVE-2006-2061?
To fix CVE-2006-2061, update to a patched version of Invision Power Board released after April 25, 2006.
What versions of Invision Power Board are affected by CVE-2006-2061?
CVE-2006-2061 affects Invision Power Board versions 2.0.x and 2.1.x prior to April 25, 2006.
What is the main issue caused by CVE-2006-2061?
The main issue caused by CVE-2006-2061 is the ability for attackers to execute arbitrary SQL commands via a vulnerability in a specific script.
Can CVE-2006-2061 be exploited remotely?
Yes, CVE-2006-2061 can be exploited remotely by attackers targeting the vulnerable parameters.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/first-publish-date
- agent/remedy
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/invision power services
- product/invision board
- canonical/invision power services invision board
- product/invision power board
- canonical/invision power services invision power board
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/invisioncommunity invision power board
- version/invisioncommunity invision power board/2.1
- version/invisioncommunity invision power board/2.0_pdr3
- version/invisioncommunity invision power board/2.0.3
- canonical/invision power board
- version/invision power board/2.1.5_2006-03-08
- version/invisioncommunity invision power board/2.0.1
- version/invisioncommunity invision power board/2.0_pf2
- version/invisioncommunity invision power board/2.0.2
- version/invisioncommunity invision power board/2.1_alpha2
- version/invisioncommunity invision power board/2.0_alpha_3
- version/invisioncommunity invision power board/2.1.5
- version/invisioncommunity invision power board/2.0
- version/invisioncommunity invision power board/2.0.4
- version/invisioncommunity invision power board/2.0_pf1