Vulnerabilities > Invision Power Services > Invision Community Blog > High

DATE	CVE	VULNERABILITY TITLE	RISK
2006-12-07	CVE-2006-6369	SQL-Injection vulnerability in Invision Power Services Invision Community Blog 1.2.4 SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. network low complexity invision-power-services	7.5
2005-06-09	CVE-2005-1946	SQL-Injection vulnerability in Invision Community Blog 1.0/1.1 Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action. network low complexity invision-power-services	7.5
2005-05-02	CVE-2005-0217	SQL Injection vulnerability in Invision Power Services Invision Community Blog 1.0 SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter. network low complexity invision-power-services	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.