Invision Power Board 2.0.3
Invision Community is a leading platform for building vibrant communities with forums, eCommerce, content management, image galleries and more. Invision Power Board 2.0.3 - 'login.php' SQL Injection. Webapps exploit for PHP platform.
CVSSv3 Temp Score Current Exploit Price (≈) 7.3 $0-$5k A vulnerability was found in Invision Power Services IP.Board up to 2.0.3 and classified as critical. This issue affects an unknown function of the file login.php. The manipulation of the argument pid with an unknown input leads to a sql injection vulnerability. Using CWE to declare the problem leads to. Impacted is confidentiality, integrity, and availability. An attacker might be able inject and/or alter existing SQL statements which would influence the database exchange. The weakness was published by James Bercegay with Gulftech.
The advisory is shared for download. The identification of this vulnerability is since. The exploitation is known to be easy.
The attack may be initiated remotely. No form of authentication is needed for a successful exploitation.
Invision Power Board Skin
Invision Power Board 2.0.1
Technical details as well as a public exploit are known. After 2 weeks, there has been an exploit disclosed. The exploit is available.
Boy Bear
The vulnerability scanner Nessus provides a plugin with the ID (Invision Power Board.