Invision Power Board "qpid" Remote SQL Injection Vulnerability

AlphaOne Technology Support Forums

Welcome, Guest. Please login or register.
December 02, 2008, 11:37:13 AM

1733 Posts in 827 Topics by 4756 Members
Latest Member: Uobeley

Home

Help

Login

Register

AlphaOne Technology Support Forums | IMPORTANT ANNOUNCEMENTS | Security Announcements | Invisionboard | Topic: Invision Power Board "qpid" Remote SQL Injection Vulnerability

0 Members and 1 Guest are viewing this topic.

« previous next »

Pages: [1]

Go Down

Print

Author

Topic: Invision Power Board "qpid" Remote SQL Injection Vulnerability (Read 786 times)

AlphaWolf

AOT Administrator
Administrator
Hero Member

Offline

Offline

Posts: I am a geek!!

WWW

Invision Power Board "qpid" Remote SQL Injection Vulnerability

« on: April 26, 2005, 08:59:22 PM »

FrSIRT Advisory : FrSIRT/ADV-2005-0402
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Moderate
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-04-26

* Technical Description *

A new vulnerability was identified in Invision Power Board, which may be exploited by remote attackers to execute arbitrary SQL commands. This flaw is due to an input validation error in the "index.php" file when handling a specially crafted "qpid" parameter, which may be exploited by remote users to conduct SQL injection attacks.

* Affected Products *

Invision Power Board (IPB) 2.0.1 and prior

* Solution *

The FrSIRT is not aware of any official supplied patch for this issue.

* References *

http://www.frsirt.com/english/advisories/2005/0402


	Logged

AlphaOne Tech Webmaster Resources
http://www.alphaone-tech.com/resources/

Pages: [1]

Go Up

Print

AlphaOne Technology Support Forums | IMPORTANT ANNOUNCEMENTS | Security Announcements | Invisionboard | Topic: Invision Power Board "qpid" Remote SQL Injection Vulnerability

« previous next »

Jump to:

AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved.