CVE-2006-1288

critical

Description

Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25100

http://www.vupen.com/english/advisories/2006/0861

http://secunia.com/advisories/19141

http://forums.invisionpower.com/index.php?showtopic=204627

http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642

Details

Source: Mitre, NVD

Published: 2006-03-19

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00463