In response to the message sent on 10/4...
The vendor has released a fix. It has also been
discovered that this affects previous versions.
Vulnerable:
Invision Power Board 2.0.x
Invision Power Board 2.1.0 - 2.1.7
Invision Power Board 2.2 Beta 1
Not Vulnerable:
Invision Power Board 2.1.7 (ID:
Invision Power Board Multiple Vulnerabilities
Affects: IPB =2.1.7
Risk: High
An attack exists where an admin can be redirected and
forced to execute SQL commands through IPB's SQL
Toolbox.
The following requirements must be met for this attack
to take place:
- The database table prefix must