Vulnerabilities > CVE-2004-1836 - SQL Injection vulnerability in Invision Power Services Invision Power TOP Site List 1.0/1.1/1.1Rc2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
invision-power-services
exploit available
NVD
Published: 2004-12-31
Updated: 2017-07-11

Summary

SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action.

Vulnerable Configurations

Part Description Count
Application
Invision_Power_Services
3

Exploit-Db

descriptionInvision Power Top Site List 1.0/1.1 Comments function id Parameter SQL Injection Vulnerability. CVE-2004-1836. Webapps exploit for php platform
idEDB-ID:23868
last seen2016-02-02
modified2004-03-22
published2004-03-22
reporterJeiAr
sourcehttps://www.exploit-db.com/download/23868/
titleInvision Power Top Site List 1.0/1.1 Comments function id Parameter SQL Injection Vulnerability

References