Arbitrary SQL Command Execution in Invision Power Board (IPB) before 3.4.6

Arbitrary SQL Command Execution in Invision Power Board (IPB) before 3.4.6

CVE-2014-4928 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.

Learn more about our Web Application Penetration Testing UK.