PT-2006-6980 · Invision Community · Invision Community Blog

Published: 2006-12-07 · Updated: 2018-10-17 · CVE-2006-6369

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Invision Community Blog Mod version 1.2.4

Description: The issue allows remote attackers to execute arbitrary SQL commands via the eid parameter when the "Preview message" functionality is accessed. This is a result of a SQL injection vulnerability in the lib/entry_reply_entry.php file.

Recommendations: For Invision Community Blog Mod version 1.2.4, avoid using the eid parameter in the "Preview message" functionality until a fix is available. As a temporary workaround, consider restricting access to the lib/entry_reply_entry.php file to minimize the risk of exploitation.


Related Identifiers

CVE-2006-6369

Affected Products

Invision Community Blog