CVE-2006-2251
SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter.
| Software | From | Fixed in |
|---|---|---|
| invision_power_services / invision_community_blog | 1.1 | 1.1.x |
| invision_power_services / invision_community_blog | 1.0 | 1.0.x |
| invision_power_services / invision_community_blog | 1.1.2_final | 1.1.2_final.x |
| invision_power_services / invision_community_blog | 1.2 | 1.2.x |
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0142.html
- http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpost
- http://secunia.com/advisories/19973
- http://www.osvdb.org/25252
- http://www.securityfocus.com/archive/1/433076
- http://www.securityfocus.com/bid/17851
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26290
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime