Vulnerability Details CVE-2006-6369
SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://forums.invisionpower.com/index.php?showtopic=230108
- http://www.securityfocus.com/archive/1/453126/100/100/threaded
- http://www.securityfocus.com/archive/1/453159/100/100/threaded
- http://www.vupen.com/english/advisories/2006/4820
- http://forums.invisionpower.com/index.php?showtopic=230108
- http://www.securityfocus.com/archive/1/453126/100/100/threaded
- http://www.securityfocus.com/archive/1/453159/100/100/threaded
- http://www.vupen.com/english/advisories/2006/4820
Products affected by CVE-2006-6369
-
cpe:2.3:a:invision_power_services:invision_community_blog:1.2.4