source: https://www.securityfocus.com/bid/10511/info
Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script.

Due to improper filtering of user-supplied data, 'ssi.php' is exploitable by attackers to pass SQL statements to the underlying database.
The impact of this vulnerability depends on the underlying database. It may be possible to corrupt/read sensitive data, execute commands/procedures on the database server or possibly exploit vulnerabilities in the database itself through this condition.

Version 1.3.1 Final of Invision Power Board is reported vulnerable. Other versions may also be affected.

*** There have been conflicting reports stating that the vulnerable variable only accepts integer values and not arbitrary strings.

http://www.example.com/ssi.php?a=out&type=xml&f=0)[SQL-INJECTION]
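
The `0)` at the start of the `f` value in the URL above suggests the parameter ends up inside a parenthesised list in the query. As an added example (not Invision Power Board's code, and not from the advisory), the PHP below shows the handling that removes this class of bug: `f` is accepted only as a comma-separated list of integers and is then passed as bound parameters. The function names, the `topics` table and its columns are hypothetical, and the rows are constructed sample data.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only a comma-separated list of decimal forum IDs.
// \A and \z anchor the whole string, so a trailing ")" or any other text fails.
function parse_forum_ids(string $raw, int $max = 50): array
{
    if (!preg_match('/\A\d{1,9}(?:,\d{1,9})*\z/', $raw)) {
        throw new InvalidArgumentException('f must be a comma-separated list of integers');
    }
    $ids = array_map('intval', explode(',', $raw));
    if (count($ids) > $max) {
        throw new InvalidArgumentException('too many forum ids');
    }
    return $ids;
}

// Hypothetical query: only "?" placeholders are interpolated into the SQL text;
// the IDs themselves travel as bound parameters.
function fetch_topics(PDO $db, array $ids): array
{
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id, title FROM topics WHERE forum_id IN ($marks) ORDER BY id");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE topics (id INTEGER PRIMARY KEY, forum_id INTEGER, title TEXT)');
$db->exec("INSERT INTO topics (forum_id, title) VALUES (1, 'Welcome'), (2, 'Staff only'), (1, 'Rules')");

// The last value is the placeholder string from the advisory URL.
foreach (['1', '1,2', '0)[SQL-INJECTION]'] as $f) {
    try {
        $rows = fetch_topics($db, parse_forum_ids($f));
        printf("f=%s -> %d row(s)\n", $f, count($rows));
    } catch (InvalidArgumentException $e) {
        printf("f=%s -> rejected: %s\n", $f, $e->getMessage());
    }
}
```

Strict validation and bound parameters are independent controls; either one alone stops the value from being read as SQL, and using both keeps the query safe if one is later weakened.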