Vulnerabilities > CVE-2005-1946 - SQL-Injection vulnerability in Invision Community Blog 1.0/1.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

invision-power-services

nessus

NVD

Published: 2005-06-09

Updated: 2016-10-18

Summary

Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action.

Vulnerable Configurations

Part	Description	Count
Application	Invision_Power_Services Invision Power Services Invision Community Blog 1.0 Invision Power Services Invision Community Blog 1.1	2

Nessus

NASL family	CGI abuses
NASL id	INVISION_COMMUNITY_BLOG_MULTIPLE_INPUT_VULNS.NASL
description	The remote host is running Invision Community Blog, a plugin for Invision Power Board that lets users have their own blogs. The version installed on the remote host fails to properly sanitize user-supplied data making it prone to multiple SQL injection and cross-site scripting vulnerabilities. These flaws may allow an attacker to gain access to sensitive information such as passwords and cookie data.
last seen	2020-06-01
modified	2020-06-02
plugin id	18446
published	2005-06-10
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18446
title	Invision Community Blog Multiple Vulnerabilities (SQLi, XSS)

Summary

Vulnerable Configurations

Nessus

References