CVE-2005-1946 - SQL-Injection vulnerability in Invision Community Blog 1.0/1.1
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
NASL family | CGI abuses |
NASL id | INVISION_COMMUNITY_BLOG_MULTIPLE_INPUT_VULNS.NASL |
description | The remote host is running Invision Community Blog, a plugin for Invision Power Board that lets users have their own blogs. The version installed on the remote host fails to properly sanitize user-supplied data making it prone to multiple SQL injection and cross-site scripting vulnerabilities. These flaws may allow an attacker to gain access to sensitive information such as passwords and cookie data. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18446 |
published | 2005-06-10 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18446 |
title | Invision Community Blog Multiple Vulnerabilities (SQLi, XSS) |