PT-2006-6980 · Invision Community · Invision Community Blog

Published: 2006-12-07 · Updated: 2018-10-17 · CVE-2006-6369

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Invision Community Blog Mod version 1.2.4

Description: The issue allows remote attackers to execute arbitrary SQL commands via the eid parameter when the "Preview message" functionality is accessed. This is a result of a SQL injection vulnerability in the lib/entry reply entry.php file.

Recommendations: For Invision Community Blog Mod version 1.2.4, avoid using the eid parameter in the "Preview message" functionality until a fix is available. As a temporary workaround, consider restricting access to the lib/entry reply entry.php file to minimize the risk of exploitation.

Exploit

Fix


Related identifiers

CVE-2006-6369

Affected products

Invision Community Blog