Description
SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter.
Affected products
- invision_power_services / invision_board2.0 – 2.0
- invision_power_services / invision_board2.0.1 – 2.0.1
- invision_power_services / invision_board2.0.2 – 2.0.2
References
- MISChttp://forums.invisionpower.com/index.php?showtopic=154916
- MAILING_LISThttp://marc.info/?l=bugtraq&m=111462421824202&w=2
- MISChttp://www.securityfocus.com/bid/11703
- MAILING_LISThttp://marc.info/?l=bugtraq&m=111454805209191&w=2
- VENDOR_ADVISORYhttp://secunia.com/advisories/13245
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18164
- MAILING_LISThttp://marc.info/?l=bugtraq&m=110079592702417&w=2