CVE-2006-5203
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/10/2006
Last modified:
09/04/2025
Description
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.
Impact
Base Score 2.0
5.10
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:* | 2.1.7 (including) | |
| cpe:2.3:a:invision_power_services:invision_power_board:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:invision_power_services:invision_power_board:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:invision_power_services:invision_power_board:1.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:invision_power_services:invision_power_board:1.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:invision_power_services:invision_power_board:1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:invision_power_services:invision_power_board:1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:invision_power_services:invision_power_board:1.3.1_final:*:*:*:*:*:*:* | ||
| cpe:2.3:a:invision_power_services:invision_power_board:1.3_final:*:*:*:*:*:*:* | ||
| cpe:2.3:a:invision_power_services:invision_power_board:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page