Vulnerability-Lookup

CVE-2006-2061 (GCVE-0-2006-2061)

Vulnerability from cvelistv5 – Published: 2006-04-26 20:00 – Updated: 2024-08-07 17:35

Summary

SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/432226/100…	mailing-listx_refsource_BUGTRAQ
	http://securityreason.com/securityalert/796	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/bid/17690	vdb-entryx_refsource_BID
	http://secunia.com/advisories/19830	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/1534	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/431990/100…	mailing-listx_refsource_BUGTRAQ
	http://forums.invisionpower.com/index.php?showtop…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:35:31.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "invision-index-ck-sql-injection(26071)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"
          },
          {
            "name": "20060427 Re: Invision Vulnerabilities, including remote code execution",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"
          },
          {
            "name": "796",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/796"
          },
          {
            "name": "17690",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17690"
          },
          {
            "name": "19830",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19830"
          },
          {
            "name": "ADV-2006-1534",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1534"
          },
          {
            "name": "20060425 Invision Vulnerabilities, including remote code execution",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.invisionpower.com/index.php?showtopic=213374"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "invision-index-ck-sql-injection(26071)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"
        },
        {
          "name": "20060427 Re: Invision Vulnerabilities, including remote code execution",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"
        },
        {
          "name": "796",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/796"
        },
        {
          "name": "17690",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17690"
        },
        {
          "name": "19830",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19830"
        },
        {
          "name": "ADV-2006-1534",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1534"
        },
        {
          "name": "20060425 Invision Vulnerabilities, including remote code execution",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.invisionpower.com/index.php?showtopic=213374"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2061",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "invision-index-ck-sql-injection(26071)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"
            },
            {
              "name": "20060427 Re: Invision Vulnerabilities, including remote code execution",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"
            },
            {
              "name": "796",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/796"
            },
            {
              "name": "17690",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17690"
            },
            {
              "name": "19830",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19830"
            },
            {
              "name": "ADV-2006-1534",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1534"
            },
            {
              "name": "20060425 Invision Vulnerabilities, including remote code execution",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"
            },
            {
              "name": "http://forums.invisionpower.com/index.php?showtopic=213374",
              "refsource": "CONFIRM",
              "url": "http://forums.invisionpower.com/index.php?showtopic=213374"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2061",
    "datePublished": "2006-04-26T20:00:00",
    "dateReserved": "2006-04-26T00:00:00",
    "dateUpdated": "2024-08-07T17:35:31.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-2061\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-04-26T20:06:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_board:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FABB6806-5DC0-4146-89FC-05D079F0CFEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C77C15A2-9A9D-4C3F-8A62-18C54941B79C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_board:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2C79F9F-FE3C-4CC6-88A9-6EFB27724CA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_board:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F427913-7FEB-49CA-AD9F-5E5EC77CA9ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_board:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"993BCE2D-C03F-4F2F-A973-68CEC6B34EA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B8C2DB4-06C3-4400-B0F3-2025FD829788\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"053B554A-AC3D-496F-9E3D-D357D14B87E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_board:2.0_pf1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61B7742A-2BD1-4119-8850-5BCB35E9F7C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_board:2.0_pf2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC4CBB17-B8EB-4A60-B8F5-34A2816373FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_board:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05FA7E1F-D9D2-419F-A9DE-7BE4253F897E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_board:2.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09F88FD5-0335-4404-AD20-63737A76B051\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_board:2.1_alpha2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4B47FAD-8DCA-4B31-A5CF-884286F49E05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED5116FA-C532-42DF-ABBD-193AD7B799A6\"}]}]}],\"references\":[{\"url\":\"http://forums.invisionpower.com/index.php?showtopic=213374\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19830\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/796\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/431990/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/432226/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17690\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1534\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26071\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://forums.invisionpower.com/index.php?showtopic=213374\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19830\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/796\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/431990/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/432226/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17690\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1534\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26071\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"The vendor has released an update to address this and other versions.\"}}"
  }
}

GSD-2006-2061

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-2061

Aliases

CVE-2006-2061

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-2061",
    "description": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.",
    "id": "GSD-2006-2061"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-2061"
      ],
      "details": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.",
      "id": "GSD-2006-2061",
      "modified": "2023-12-13T01:19:53.240460Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-2061",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "invision-index-ck-sql-injection(26071)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"
          },
          {
            "name": "20060427 Re: Invision Vulnerabilities, including remote code execution",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"
          },
          {
            "name": "796",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/796"
          },
          {
            "name": "17690",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17690"
          },
          {
            "name": "19830",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19830"
          },
          {
            "name": "ADV-2006-1534",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1534"
          },
          {
            "name": "20060425 Invision Vulnerabilities, including remote code execution",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"
          },
          {
            "name": "http://forums.invisionpower.com/index.php?showtopic=213374",
            "refsource": "CONFIRM",
            "url": "http://forums.invisionpower.com/index.php?showtopic=213374"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.1_alpha2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2061"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.invisionpower.com/index.php?showtopic=213374",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://forums.invisionpower.com/index.php?showtopic=213374"
            },
            {
              "name": "17690",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/17690"
            },
            {
              "name": "19830",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/19830"
            },
            {
              "name": "796",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/796"
            },
            {
              "name": "ADV-2006-1534",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1534"
            },
            {
              "name": "invision-index-ck-sql-injection(26071)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"
            },
            {
              "name": "20060427 Re: Invision Vulnerabilities, including remote code execution",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"
            },
            {
              "name": "20060425 Invision Vulnerabilities, including remote code execution",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:37Z",
      "publishedDate": "2006-04-26T20:06Z"
    }
  }
}

FKIE_CVE-2006-2061

Vulnerability from fkie_nvd - Published: 2006-04-26 20:06 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://forums.invisionpower.com/index.php?showtopic=213374
cve@mitre.org	http://secunia.com/advisories/19830
cve@mitre.org	http://securityreason.com/securityalert/796
cve@mitre.org	http://www.securityfocus.com/archive/1/431990/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/432226/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17690	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1534
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26071
af854a3a-2127-422b-91ae-364da2661108	http://forums.invisionpower.com/index.php?showtopic=213374
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19830
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/796
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/431990/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/432226/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17690	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1534
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26071

Impacted products

Vendor	Product	Version
invision_power_services	invision_board	2.0
invision_power_services	invision_board	2.0.1
invision_power_services	invision_board	2.0.2
invision_power_services	invision_board	2.0.3
invision_power_services	invision_board	2.0.4
invision_power_services	invision_board	2.0_alpha_3
invision_power_services	invision_board	2.0_pdr3
invision_power_services	invision_board	2.0_pf1
invision_power_services	invision_board	2.0_pf2
invision_power_services	invision_board	2.1
invision_power_services	invision_board	2.1.5
invision_power_services	invision_board	2.1_alpha2
invision_power_services	invision_power_board	2.1.5_2006-03-08

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABB6806-5DC0-4146-89FC-05D079F0CFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77C15A2-9A9D-4C3F-8A62-18C54941B79C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C79F9F-FE3C-4CC6-88A9-6EFB27724CA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F427913-7FEB-49CA-AD9F-5E5EC77CA9ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "993BCE2D-C03F-4F2F-A973-68CEC6B34EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B8C2DB4-06C3-4400-B0F3-2025FD829788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*",
              "matchCriteriaId": "053B554A-AC3D-496F-9E3D-D357D14B87E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61B7742A-2BD1-4119-8850-5BCB35E9F7C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4CBB17-B8EB-4A60-B8F5-34A2816373FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05FA7E1F-D9D2-419F-A9DE-7BE4253F897E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "09F88FD5-0335-4404-AD20-63737A76B051",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1_alpha2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B47FAD-8DCA-4B31-A5CF-884286F49E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters."
    }
  ],
  "evaluatorSolution": "The vendor has released an update to address this and other versions.",
  "id": "CVE-2006-2061",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-26T20:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://forums.invisionpower.com/index.php?showtopic=213374"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19830"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/796"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17690"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1534"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.invisionpower.com/index.php?showtopic=213374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2006-AVI-181

Vulnerability from certfr_avis - Published: 2006-05-04 - Updated: 2006-05-04

None

Description

De multiples vulnérabilités affectant le forum Invision Power Board ont été découvertes. Leur exploitation permet l'exécution de code arbitraire à distance.

Solution

Passer en version 2.1.5 ou appliquer le correctif pour la version 2.1.5 indiqué dans le message posté sur le forum d'Invision Power (cf. section Documentation).

Invision Power Board versions antérieures à 2.1.5. La version 2.1.5 est vulnérable si elle est antérieure au 25 avril 2006.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

GHSA-2C24-45X7-QRMP

Vulnerability from github – Published: 2022-05-01 06:55 – Updated: 2022-05-01 06:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-2061"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-04-26T20:06:00Z",
    "severity": "MODERATE"
  },
  "details": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.",
  "id": "GHSA-2c24-45x7-qrmp",
  "modified": "2022-05-01T06:55:22Z",
  "published": "2022-05-01T06:55:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2061"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"
    },
    {
      "type": "WEB",
      "url": "http://forums.invisionpower.com/index.php?showtopic=213374"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19830"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/796"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17690"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1534"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-2061 (GCVE-0-2006-2061)

GSD-2006-2061

FKIE_CVE-2006-2061

CERTA-2006-AVI-181

Description

Solution

GHSA-2C24-45X7-QRMP

Tags

Sightings

Nomenclature