CVE-2008-4171

critical

Description

SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.

References

http://www.vupen.com/english/advisories/2008/2487

http://www.securitytracker.com/id?1020817

http://www.securityfocus.com/bid/31288

http://forums.invisionpower.com/index.php?showtopic=276512

Details

Source: Mitre, NVD

Published: 2008-09-22

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics