CVE-2005-1946

Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:invision_power_services:invision_community_blog:1.0:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_community_blog:1.1:*:*:*:*:*:*:*

History

20 Nov 2024, 23:58

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=111833601302752&w=2 - () http://marc.info/?l=bugtraq&m=111833601302752&w=2 -
References () http://secunia.com/advisories/15626 - () http://secunia.com/advisories/15626 -
References () http://www.gulftech.org/?node=research&article_id=00078-06072005 - Exploit, Patch, Vendor Advisory () http://www.gulftech.org/?node=research&article_id=00078-06072005 - Exploit, Patch, Vendor Advisory

Information

Published : 2005-06-09 04:00

Updated : 2024-11-20 23:58


NVD link : CVE-2005-1946

Mitre link : CVE-2005-1946

CVE.ORG link : CVE-2005-1946


JSON object : View

Products Affected

invision_power_services

  • invision_community_blog