Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2251

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-2251
Last Modified 05 Sep 2008 05:04:03
Published 09 May 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2251

Summary

SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter.

Vulnerable Systems

Application

  • Invision Power Services Invision Community Blog 1.0

  • Invision Power Services Invision Community Blog 1.1

  • Invision Power Services Invision Community Blog 1.1.2 Final

  • Invision Power Services Invision Community Blog 1.2


References

BID - 17851

BUGTRAQ - 20060505 Invision Community Blog .. Bugs

SECUNIA - 19973

CONFIRM - http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpost

BUGTRAQ - 20060508 Re: Invision Community Blog .. Bugs

XF - invision-mod-sql-injection(26290)

OSVDB - 25252


Last Updated: 27 May 2016 10:42:24