CVE-2006-5203

CVE-2006-5203 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.