CVE-2006-2204
Published: May 5, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 17837 | vdb-entry, x_refsource_BID |
| invision-func_mod-sql-injection(26190) | vdb-entry, x_refsource_XF |
| 551 | third-party-advisory, x_refsource_SREASON |
| http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpo | x_refsource_CONFIRM |
| ADV-2006-1605 | vdb-entry, x_refsource_VUPEN |
| 20060428 Invision Power Board v2.1.5 Remote SQL Injection | mailing-list, x_refsource_BUGTRAQ |
| 20060504 Re: Invision Power Board v2.1.5 Remote SQL Injection | mailing-list, x_refsource_BUGTRAQ |
| 19901 | third-party-advisory, x_refsource_SECUNIA |