CVE-2006-2061 - OpenCVE

SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Invision Power Services	Invision Board Invision Power Board

Configuration 1 [-]

OR	cpe:2.3:a:invision_power_services:invision_board:2.0:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0.1:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0.2:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0.3:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0.4:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0_pf1:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0_pf2:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.1:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.1.5:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.1_alpha2:::::::*
	cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:::::::*

References

Link	Resource
http://forums.invisionpower.com/index.php?showtopic=213374
http://secunia.com/advisories/19830
http://securityreason.com/securityalert/796
http://www.securityfocus.com/archive/1/431990/100/0/threaded
http://www.securityfocus.com/archive/1/432226/100/0/threaded
http://www.securityfocus.com/bid/17690	Patch
http://www.vupen.com/english/advisories/2006/1534
https://exchange.xforce.ibmcloud.com/vulnerabilities/26071

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-04-26T20:00:00

Updated: 2018-10-18T14:57:01

Reserved: 2006-04-26T00:00:00

Link: CVE-2006-2061

JSON object: View

NVD Information

Status : Modified

Published: 2006-04-26T20:06:00.000

Modified: 2018-10-18T16:37:55.333

Link: CVE-2006-2061

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-25T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "invision-index-ck-sql-injection(26071)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"}, {"name": "20060427 Re: Invision Vulnerabilities, including remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"}, {"name": "796", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/796"}, {"name": "17690", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17690"}, {"name": "19830", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19830"}, {"name": "ADV-2006-1534", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1534"}, {"name": "20060425 Invision Vulnerabilities, including remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://forums.invisionpower.com/index.php?showtopic=213374"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2061", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "invision-index-ck-sql-injection(26071)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"}, {"name": "20060427 Re: Invision Vulnerabilities, including remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"}, {"name": "796", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/796"}, {"name": "17690", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17690"}, {"name": "19830", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19830"}, {"name": "ADV-2006-1534", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1534"}, {"name": "20060425 Invision Vulnerabilities, including remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"}, {"name": "http://forums.invisionpower.com/index.php?showtopic=213374", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=213374"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2061", "datePublished": "2006-04-26T20:00:00", "dateReserved": "2006-04-26T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FABB6806-5DC0-4146-89FC-05D079F0CFEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C77C15A2-9A9D-4C3F-8A62-18C54941B79C", "vulnerable": true}, {"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2C79F9F-FE3C-4CC6-88A9-6EFB27724CA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1F427913-7FEB-49CA-AD9F-5E5EC77CA9ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "993BCE2D-C03F-4F2F-A973-68CEC6B34EA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*", "matchCriteriaId": "0B8C2DB4-06C3-4400-B0F3-2025FD829788", "vulnerable": true}, {"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*", "matchCriteriaId": "053B554A-AC3D-496F-9E3D-D357D14B87E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf1:*:*:*:*:*:*:*", "matchCriteriaId": "61B7742A-2BD1-4119-8850-5BCB35E9F7C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4CBB17-B8EB-4A60-B8F5-34A2816373FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "05FA7E1F-D9D2-419F-A9DE-7BE4253F897E", "vulnerable": true}, {"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "09F88FD5-0335-4404-AD20-63737A76B051", "vulnerable": true}, {"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "D4B47FAD-8DCA-4B31-A5CF-884286F49E05", "vulnerable": true}, {"criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*", "matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters."}], "evaluatorSolution": "The vendor has released an update to address this and other versions.", "id": "CVE-2006-2061", "lastModified": "2018-10-18T16:37:55.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-26T20:06:00.000", "references": [{"source": "cve@mitre.org", "url": "http://forums.invisionpower.com/index.php?showtopic=213374"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19830"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/796"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/17690"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1534"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}