HIGH🇬🇧 English

CVE-2014-4928

CVSS 8.8v3.0pub. 2018-03-20upd. 2024-11-21

SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Invisioncommunity Invision Power Board

    APP
    Invisioncommunity
    < 3.4.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2013-3725CRITICAL9.8ten sam produkt

Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.

CVE-2012-2226CRITICAL9.8ten sam produkt

Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to ...

CVE-2017-8898CRITICAL9.8ten sam produkt

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowi...

CVE-2017-8899HIGH8.1ten sam produkt

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Informati...

CVE-2016-6174HIGH8.1ten sam produkt

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invisio...

CVE-2014-4928 — HIGH 8.8 | CVEbaza.pl