Invision Power Board Calendar SQL Injection Vulnerability Network Vulnerability

Summary

The remote host is running Invision Power Board - a CGI suite designed to set up a bulletin board system on the remote web server. A vulnerability has been discovered in the sources/calendar.php file that allows unauthorized users to inject SQL commands. An attacker may use this flaw to gain the control of the remote database

Solution

Upgrade to the latest version of this software.

References

http://www.invisionboard.com/download/index.php?act=dl&s=1&id=12&p=1

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-1785
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Agora CGI Cross Site Scripting
Alchemy Eye HTTP Command Execution
Avenger's News System Command Execution
admin.cgi overflow
AWStats configdir parameter arbitrary cmd exec

Take action and discover your vulnerabilities