CVE-2006-5203 - Peridotic Implementations

Description

Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML or execute arbitrary SQL commands via a forum description that contains a crafted image with PHP code which is executed when the user visits the \Manage Forums\ link in the Admin control panel.

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/29352 http://www.securityfocus.com/archive/1/447710/100/0/threaded