CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6369 – Invision Community Blog Mod 1.2.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2006-6369
SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. Vulnerabilidad de inyección SQL en lib/entry_reply_entry.php de Invision Community Blog Mod 1.2.4 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro eid, cuando se accede a través de la funcionalidad "mensaje de vista previa". • https://www.exploit-db.com/exploits/2877 http://forums.invisionpower.com/index.php?showtopic=230108 http://www.securityfocus.com/archive/1/453126/100/100/threaded http://www.securityfocus.com/archive/1/453159/100/100/threaded http://www.vupen.com/english/advisories/2006/4820 •