CVE-2005-3549

critical

Description

Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now".

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/40003

http://www.securityfocus.com/archive/1/415798/30/0/threaded

http://secunia.com/advisories/17443

Details

Source: Mitre, NVD

Published: 2005-11-16

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01203