← back
CVE-2006-6369

CVE-2006-6369

EPSS 1.0%
SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/2877unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://forums.invisionpower.com/index.php?showtopic=230108http://www.securityfocus.com/archive/1/453126/100/100/threadedhttp://www.securityfocus.com/archive/1/453159/100/100/threadedhttp://www.vupen.com/english/advisories/2006/4820