CVE-2004-0338

Description

SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter.

Affected products

• invision_power_services / invision_board1.0 – 1.0
• invision_power_services / invision_board1.0.1 – 1.0.1
• invision_power_services / invision_board1.1.1 – 1.1.1
• invision_power_services / invision_board1.1.2 – 1.1.2
• invision_power_services / invision_board1.2 – 1.2
• invision_power_services / invision_board1.3 – 1.3
• invision_power_services / invision_board2.0_alpha_3 – 2.0_alpha_3
• invision_power_services / invision_board2.0_pdr3 – 2.0_pdr3

References

• MISChttp://www.securityfocus.com/bid/9766
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/15343
• MAILING_LISThttp://marc.info/?l=bugtraq&m=107799527428834&w=2