Invision Community Blog Mod.PHP SQL Injection Vulnerability

Bugtraq ID:	17851
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 05 2006 12:00AM
Updated:	May 08 2006 09:09PM
Credit:	[email protected] is credited with the discovery of this vulnerability.
Vulnerable:	Invision Power Services Invision Community Blog 1.1.2 Final Invision Power Services Invision Community Blog 1.1 Invision Power Services Invision Community Blog 1.0 Invision Power Services Invision Community Blog 1.2
Not Vulnerable:	Invision Power Services Invision Community Blog 1.2.3

Invision Community Blog Mod.PHP SQL Injection Vulnerability

Invision Community Blog is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Invision Community Blog Mod.PHP SQL Injection Vulnerability

This issue can be exploited through a web client.

Invision Community Blog Mod.PHP SQL Injection Vulnerability

Solution:
The vendor has released version 1.2.3 to address this issue; please contact the vendor for further details.

Invision Community Blog Mod.PHP SQL Injection Vulnerability

References:

• Invision Community Blog Product Page (Invision Power Services)
  
• Invision Community Blog .. Bugs ([email protected])