vendor:
Invision Power Board
by:
Unknown
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Invision Power Board
Affected Version From: 1.3.1 Final
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:invision_power_services:invision_power_board:1.3.1
Platforms Tested: Unknown
Unknown
SQL Injection in Invision Power Board ‘ssi.php’ script
Invision Power Board's 'ssi.php' script is prone to an SQL injection vulnerability. Attackers can exploit this vulnerability by passing SQL statements to the underlying database through the script. Depending on the underlying database, this vulnerability can result in data corruption or theft, execution of commands or procedures on the database server, or exploitation of other vulnerabilities in the database.
Mitigation:
It is recommended to sanitize and validate user input before using it in SQL queries. Invision Power Board should release a patch or update to address this vulnerability.