CVE-2006-2204 - Unspecified vulnerability in Invision Power Services Invision Power Board
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.
Vulnerable Configurations
References
- http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpo
- http://secunia.com/advisories/19901
- http://securityreason.com/securityalert/551
- http://www.securityfocus.com/archive/1/432591/100/0/threaded
- http://www.securityfocus.com/archive/1/432948/30/0/threaded
- http://www.securityfocus.com/bid/17837
- http://www.vupen.com/english/advisories/2006/1605
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26190