CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6369 – Invision Community Blog Mod 1.2.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2006-6369
07 Dec 2006 — SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. Vulnerabilidad de inyección SQL en lib/entry_reply_entry.php de Invision Community Blog Mod 1.2.4 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro eid, cuando se accede a través de la funcionalidad "mensaje de vista previa". • https://www.exploit-db.com/exploits/2877 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2006-2251
https://notcve.org/view.php?id=CVE-2006-2251
09 May 2006 — SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0142.html •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2005-1945
https://notcve.org/view.php?id=CVE-2005-1945
09 Jun 2005 — Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data. • http://marc.info/?l=bugtraq&m=111833601302752&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2005-1946
https://notcve.org/view.php?id=CVE-2005-1946
09 Jun 2005 — Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action. • http://marc.info/?l=bugtraq&m=111833601302752&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0217
https://notcve.org/view.php?id=CVE-2005-0217
06 Feb 2005 — SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter. • http://marc.info/?l=bugtraq&m=110538277223800&w=2 •