Vulnerabilities > CVE-2006-2251 - SQL Injection vulnerability in Invision Community Blog Mod.PHP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
References
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0142.html
- http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpost
- http://secunia.com/advisories/19973
- http://www.osvdb.org/25252
- http://www.securityfocus.com/archive/1/433076
- http://www.securityfocus.com/bid/17851
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26290