What is the severity of CVE-2006-7064?

CVE-2006-7064 is classified as a medium severity vulnerability due to its ability to exploit administrator privileges via XSS.

How do I fix CVE-2006-7064?

To fix CVE-2006-7064, it is recommended to upgrade to a version of Invision Power Board that is not vulnerable, specifically versions after 2.1.6.

Which versions are affected by CVE-2006-7064?

CVE-2006-7064 affects Invision Power Board versions up to and including 2.1.6.

What type of attack is associated with CVE-2006-7064?

CVE-2006-7064 is associated with cross-site scripting (XSS) attacks that allow remote attackers to inject arbitrary web scripts or HTML.

Can CVE-2006-7064 affect a website's security?

Yes, CVE-2006-7064 can significantly compromise a website's security by allowing attackers to exploit administrative functionalities.

Vulnerability/
CVE-2006-7064

critical

9.3

CWE

NVD-CWE-Other 79

24/2/2007

7/8/2024

CVE-2006-7064: XSS

First published: Sat Feb 24 2007(Updated: )

Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Invision Power Board	=1.0
Invision Power Board	=1.0.1
Invision Power Board	=1.0.3
Invision Power Board	=1.1.1
Invision Power Board	=1.1.2
Invision Power Board	=1.2
Invision Power Board	=1.3
Invision Power Board	=1.3.1_final
Invision Power Board	=1.3_final
Invision Power Board	=2.0
Invision Power Board	=2.0.0
Invision Power Board	=2.0.1
Invision Power Board	=2.0.2
Invision Power Board	=2.0.3
Invision Power Board	=2.0.4
Invision Power Board	=2.0.x
Invision Power Board	=2.0_alpha3
Invision Power Board	=2.0_pdr3
Invision Power Board	=2.0_pf1
Invision Power Board	=2.0_pf2
Invision Power Board	=2.1
Invision Power Board	=2.1.0
Invision Power Board	=2.1.1
Invision Power Board	=2.1.2
Invision Power Board	=2.1.3
Invision Power Board	=2.1.4
Invision Power Board	=2.1.5
Invision Power Board	=2.1.5_2006-03-08
Invision Power Board	=2.1.5_2006-04-25
Invision Power Board	=2.1.6
Invision Power Board	=2.1_alpha2
Invision Power Board	=2.1_beta2
Invision Power Board	=2.1_beta3
Invision Power Board	=2.1_beta4
Invision Power Board	=2.1_beta5
Invision Power Board	=2.1_rc1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-7064?
CVE-2006-7064 is classified as a medium severity vulnerability due to its ability to exploit administrator privileges via XSS.
How do I fix CVE-2006-7064?
To fix CVE-2006-7064, it is recommended to upgrade to a version of Invision Power Board that is not vulnerable, specifically versions after 2.1.6.
Which versions are affected by CVE-2006-7064?
CVE-2006-7064 affects Invision Power Board versions up to and including 2.1.6.
What type of attack is associated with CVE-2006-7064?
CVE-2006-7064 is associated with cross-site scripting (XSS) attacks that allow remote attackers to inject arbitrary web scripts or HTML.
Can CVE-2006-7064 affect a website's security?
Yes, CVE-2006-7064 can significantly compromise a website's security by allowing attackers to exploit administrative functionalities.

agent/references
agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/author
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/invision power services
product/invision power board
canonical/invision power services invision power board
canonical/invision power board
version/invision power board/1.0
version/invision power board/1.0.1
version/invision power board/1.0.3
version/invision power board/1.1.1
version/invision power board/1.1.2
version/invision power board/1.2
version/invision power board/1.3
version/invision power board/1.3.1_final
version/invision power board/1.3_final
version/invision power board/2.0
version/invision power board/2.0.0
version/invision power board/2.0.1
version/invision power board/2.0.2
version/invision power board/2.0.3
version/invision power board/2.0.4
version/invision power board/2.0.x
version/invision power board/2.0_alpha3
version/invision power board/2.0_pdr3
version/invision power board/2.0_pf1
version/invision power board/2.0_pf2
version/invision power board/2.1
version/invision power board/2.1.0
version/invision power board/2.1.1
version/invision power board/2.1.2
version/invision power board/2.1.3
version/invision power board/2.1.4
version/invision power board/2.1.5
version/invision power board/2.1.5_2006-03-08
version/invision power board/2.1.5_2006-04-25
version/invision power board/2.1.6
version/invision power board/2.1_alpha2
version/invision power board/2.1_beta2
version/invision power board/2.1_beta3
version/invision power board/2.1_beta4
version/invision power board/2.1_beta5
version/invision power board/2.1_rc1

Frequently Asked Questions

What is the severity of CVE-2006-7064?
CVE-2006-7064 is classified as a medium severity vulnerability due to its ability to exploit administrator privileges via XSS.
How do I fix CVE-2006-7064?
To fix CVE-2006-7064, it is recommended to upgrade to a version of Invision Power Board that is not vulnerable, specifically versions after 2.1.6.
Which versions are affected by CVE-2006-7064?
CVE-2006-7064 affects Invision Power Board versions up to and including 2.1.6.
What type of attack is associated with CVE-2006-7064?
CVE-2006-7064 is associated with cross-site scripting (XSS) attacks that allow remote attackers to inject arbitrary web scripts or HTML.
Can CVE-2006-7064 affect a website's security?
Yes, CVE-2006-7064 can significantly compromise a website's security by allowing attackers to exploit administrative functionalities.

CVE-2006-7064: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-7064?

How do I fix CVE-2006-7064?

Which versions are affected by CVE-2006-7064?

What type of attack is associated with CVE-2006-7064?

Can CVE-2006-7064 affect a website's security?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2006-7064?

How do I fix CVE-2006-7064?

Which versions are affected by CVE-2006-7064?

What type of attack is associated with CVE-2006-7064?

Can CVE-2006-7064 affect a website's security?