|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
Invision Power Board contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. This flaw exists because the 'login.php' script does not validate user-supplied input in certain login methods and may allow a remote attacker to inject or manipulate SQL queries.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Information Disclosure,
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, Invision Power Services, Inc. has released a patch to address this vulnerability.
|
|
Products |
|
Invision Power Board
 |
2.0.3 |
1.3.x |
|
|
|
|
|
|
Credit |
- James Bercegay - security
gulftech.org - GulfTech Research and Development
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|