CVE Certified

Invision Power Board SSI.PHP SQL Injection

prev next

Google search: "Powered by Invision Power Board(U) v1.3 Final"

Hits: 1335

Submited: 2004-07-12

Invision Power Board is reported prone to an SQL injection vulnerability in its ssi.php script. Due to improper filtering of user supplied data, ssi.php is exploitable by attackers to pass SQL statements to the underlying database. The impact of this vulnerability depends on the underlying database. It may be possible to corrupt/read sensitive data, execute commands/procedures on the database server or possibly exploit vulnerabilities in the database itself through this condition. Version 1.3.1 Final of Invision Power Board is reported vulnerable. Other versions may also be affected as well.More info: