Invision Power Board 1.3 – ‘SSI.php’ SQL Injection

Invision Power Board 1.3 – ‘SSI.php’ SQL Injection

漏洞ID 1054493 漏洞类型
发布时间 2004-06-11 更新时间 2004-06-11
图片[1]-Invision Power Board 1.3 – ‘SSI.php’ SQL Injection-安全小百科CVE编号 N/A
图片[2]-Invision Power Board 1.3 – ‘SSI.php’ SQL Injection-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/24186
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/10511/info

Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script.

Due to improper filtering of user supplied data, 'ssi.php' is exploitable by attackers to pass SQL statements to the underlying database.

The impact of this vulnerability depends on the underlying database. It may be possible to corrupt/read sensitive data, execute commands/procedures on the database server or possibly exploit vulnerabilities in the database itself through this condition.

Version 1.3.1 Final of Invision Power Board is reported vulnerable. Other versions may also be affected as well.

*** There have been conflicting reports stating the the vulnerable variable only accepts integer values and not arbitrary strings. 

http://www.example.com/ssi.php?a=out&type=xml&f=0)[SQL-INJECTION]

相关推荐: Linux IRC IP Masquerading Module Arbitrary Firewall Rule Insertion Vulnerability

Linux IRC IP Masquerading Module Arbitrary Firewall Rule Insertion Vulnerability 漏洞ID 1103045 漏洞类型 Design Error 发布时间 2001-07-30 更新…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享