Invision Power Board calendar.php m Parameter SQL Injection
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
Invision Power Board contains a flaw that may allow a malicious user to inject SQL commands. The issue is triggered through malicious input variables in calendar.php. It is possible that the flaw may allow SQL injection attacks resulting in a loss of confidentiality, integrity, and/or availability.
Upgrade to the 1.3 Security Patch 02-01-04 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.