CVE-2006-6369 – Invision Community Blog Mod 1.2.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2006-6369
SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. Vulnerabilidad de inyección SQL en lib/entry_reply_entry.php de Invision Community Blog Mod 1.2.4 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro eid, cuando se accede a través de la funcionalidad "mensaje de vista previa". • https://www.exploit-db.com/exploits/2877 http://forums.invisionpower.com/index.php?showtopic=230108 http://www.securityfocus.com/archive/1/453126/100/100/threaded http://www.securityfocus.com/archive/1/453159/100/100/threaded http://www.vupen.com/english/advisories/2006/4820 •
CVE-2006-2251
https://notcve.org/view.php?id=CVE-2006-2251
SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0142.html http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpost http://secunia.com/advisories/19973 http://www.osvdb.org/25252 http://www.securityfocus.com/archive/1/433076 http://www.securityfocus.com/bid/17851 https://exchange.xforce.ibmcloud.com/vulnerabilities/26290 •
CVE-2005-1945
https://notcve.org/view.php?id=CVE-2005-1945
Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data. • http://marc.info/?l=bugtraq&m=111833601302752&w=2 http://secunia.com/advisories/15626 http://www.gulftech.org/?node=research&article_id=00078-06072005 •
CVE-2005-1946
https://notcve.org/view.php?id=CVE-2005-1946
Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action. • http://marc.info/?l=bugtraq&m=111833601302752&w=2 http://secunia.com/advisories/15626 http://www.gulftech.org/?node=research&article_id=00078-06072005 •
CVE-2005-0217
https://notcve.org/view.php?id=CVE-2005-0217
SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter. • http://marc.info/?l=bugtraq&m=110538277223800&w=2 http://secunia.com/advisories/13783 http://securitytracker.com/id?1012831 http://www.osvdb.org/12817 http://www.securityfocus.com/bid/12205 https://exchange.xforce.ibmcloud.com/vulnerabilities/18815 •