製品・ソフトウェアに関する情報

JVN脆弱性詳細

IPB における SQL コマンドを実行される脆弱性

Title	IPB における SQL コマンドを実行される脆弱性
Summary	Invision Power Board (IPB) には、SQL コマンドを実行される脆弱性が存在します。
Possible impacts	制限されたリモート管理者により、ユーザが Admin コントロールパネルの "フォーラムを管理する" リンクを閲覧した際に実行される PHP コードを伴う巧妙に細工されたイメージを含むフォーラムの詳細を介して、任意の Web スクリプトまたは HTML を挿入される、または任意の SQL コマンドを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 10, 2006, midnight
Registration Date	Sept. 25, 2012, 3:36 p.m.
Last Update	Sept. 25, 2012, 3:36 p.m.

CVSS2.0 : 警告
Score	5.1
Vector	AV:N/AC:H/Au:N/C:P/I:P/A:P

Affected System

Invision Power Services, Inc

IPS Community Suite (旧 Invision Power Board) 2.1.7 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-5203	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5203
National Vulnerability Database (NVD)
2	CVE-2006-5203	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5203

ベンダー情報

No	Name	URL
Invision Power Services
1	Invision Power Board	http://www.invisionpower.com/products/blog/

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-5203

Summary	Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.
Summary	Invision Power Board (IPB) 2.1.7 y anteriores permite a un administrador remoto restringido inyectar secuencias de comandos web o HTML de su elección, o ejecutar comandos SQL de su elección, a través de una descripción del foro que contenga una imagen artesanal con código PHP, lo cual es esjecutado cuando el usuario visita "Mange Forum" enlazando en el panel de control de Admin.
Publication Date	Oct. 10, 2006, 1:06 p.m.
Registration Date	Jan. 29, 2021, 3:47 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:invision_power_services:invision_power_board::::::::		2.1.7
cpe:2.3:a:invision_power_services:invision_power_board:1.0:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.0.1:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.0.3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.1.2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.3.1_final:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.3_final:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0.x:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0_alpha3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0_pdr3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf1:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:::::::*

Related information, measures and tools

No	URL	refsource
1	http://www.securityfocus.com/archive/1/447710/100/0/threaded	cve@mitre.org
2	https://exchange.xforce.ibmcloud.com/vulnerabilities/29352	cve@mitre.org
3	http://www.securityfocus.com/archive/1/447710/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
4	https://exchange.xforce.ibmcloud.com/vulnerabilities/29352	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:invision_power_services:invision_power_board::::::::		2.1.7
cpe:2.3:a:invision_power_services:invision_power_board:1.0:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.0.1:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.0.3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.1.2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.3.1_final:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:1.3_final:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0.x:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0_alpha3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0_pdr3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf1:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:::::::*
cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:::::::*