CVE-2006-2097

Name: CVE-2006-2097
Creator: NVD / NIST
Published: 2006-04-29T10:02:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.19%

Last modified Jun 16, 2026

CVE-2006-2097 is a vulnerability of currently unknown severity. SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).. EPSS estimates a 1.19% chance of exploitation in the next 30 days.

Description

SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).

Metrics

EPSS Probability

1.19%

64.1th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Invision Power Services	Invision Power Board	<= 2.1.4
Invision Power Services	Invision Power Board	1.0
Invision Power Services	Invision Power Board	1.0.1
Invision Power Services	Invision Power Board	1.1.1
Invision Power Services	Invision Power Board	1.1.2
Invision Power Services	Invision Power Board	1.2
Invision Power Services	Invision Power Board	1.3
Invision Power Services	Invision Power Board	1.3.1_final
Invision Power Services	Invision Power Board	1.3_final
Invision Power Services	Invision Power Board	2.0.0
Invision Power Services	Invision Power Board	2.0.1
Invision Power Services	Invision Power Board	2.0.2
Invision Power Services	Invision Power Board	2.0.3
Invision Power Services	Invision Power Board	2.0.4
Invision Power Services	Invision Power Board	2.0.x
Invision Power Services	Invision Power Board	2.1
Invision Power Services	Invision Power Board	2.1.0
Invision Power Services	Invision Power Board	2.1.1
Invision Power Services	Invision Power Board	2.1.2
Invision Power Services	Invision Power Board	2.1.3
Invision Power Services	Invision Power Board	2.1_alpha2
Invision Power Services	Invision Power Board	2.1_beta2
Invision Power Services	Invision Power Board	2.1_beta3
Invision Power Services	Invision Power Board	2.1_beta4
Invision Power Services	Invision Power Board	2.1_beta5
Invision Power Services	Invision Power Board	2.1_rc1

References

Timeline

Published: Apr 29, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-2097?

SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).

How severe is CVE-2006-2097?

Severity scoring for CVE-2006-2097 is pending analysis. The EPSS model estimates a 1.19% probability of exploitation in the next 30 days.

How do I fix CVE-2006-2097?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-2097?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST