It has come to our attention that a potential SQL exploit exists in all versions of IPB 2.x.x
which can allow malicious SQL queries to be executed by forcing code into cookies. We
received this report this morning and have closed this vulnerability, updated the main ZIP
and released this patch.

http://forums.invisionpower.com/index.php?showtopic=204627