← CVECheck
HomeVulnerabilities

CVE-2004-1785 — HIGH severity vulnerability (SQL injection vulnerability in calendar.php for Invision Pow)

SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.

CVE IDCVE-2004-1785
SeverityHIGH
CVSS score7.5
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published2004-01-03
Last modified2026-04-16
DescriptionSQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →