Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> Invision Power Board st Parameter SQL Injection Vulnerability


Vulnerability Assessment Details

Invision Power Board st Parameter SQL Injection Vulnerability

Vulnerability Assessment Summary
Checks for st parameter SQL injection vulnerability in Invision Power Board

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP script that is affected by a SQL
injection vulnerability.

Description :

A version of Invision Power Board installed on the remote host suffers
from a SQL injection vulnerability due to its failure to sanitize user
input via the 'st' parameter to the 'index.php' script. A possible hacker can
take advantage of this flaw to inject arbitrary SQL statements into
Invision Power Board, possibly even modifying the database.

See also :

http://www.securityfocus.com/archive/1/395515

Solution :

Unknown at this time.

Network Security Threat Level:

Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)

Networks Security ID: 13097

Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2006 Tenable Network Security

Cables, Connectors


ASRock B550M Pro SE AM4 DDR4 SATA 6Gb/s 1 PCIe 4.0 x16 Micro ATX Motherboard picture

ASRock B550M Pro SE AM4 DDR4 SATA 6Gb/s 1 PCIe 4.0 x16 Micro ATX Motherboard

$84.99



Asus H81M-C Intel LGA1150 DDR3 Desktop Motherboard MicroATX Socket H3  picture

Asus H81M-C Intel LGA1150 DDR3 Desktop Motherboard MicroATX Socket H3

$23.99



Gigabyte GA-Q170M-D3H-GSM LGA1151 DDR4 Desktop Motherboard with I/O Plate picture

Gigabyte GA-Q170M-D3H-GSM LGA1151 DDR4 Desktop Motherboard with I/O Plate

$49.99



Asus Prime H310M-A R2.0 Intel LGA 1151 DDR4 Desktop Motherboard picture

Asus Prime H310M-A R2.0 Intel LGA 1151 DDR4 Desktop Motherboard

$54.99



Gigabyte Z370P D3 ATX Z370 LGA1151 Motherboard (Support Intel 6/7th 8th 9th) picture

Gigabyte Z370P D3 ATX Z370 LGA1151 Motherboard (Support Intel 6/7th 8th 9th)

$59.99



MSI H81I LGA1150 MINI-ITX DDR3 Desktop Motherboard With I/O Shield  picture

MSI H81I LGA1150 MINI-ITX DDR3 Desktop Motherboard With I/O Shield

$32.99



ASUS H87I-PLUS, LGA 1150, Intel Motherboard w/ IO Shield picture

ASUS H87I-PLUS, LGA 1150, Intel Motherboard w/ IO Shield

$39.00



MSI B450M PRO-VDH MAX AM4 AMD B450 USB3.2 Micro-ATX Motherboard picture

MSI B450M PRO-VDH MAX AM4 AMD B450 USB3.2 Micro-ATX Motherboard

$67.99



MSI PRO B650-P WiFi AMD AM5 DDR5 WiFi 6E ProSeries Motherboard picture

MSI PRO B650-P WiFi AMD AM5 DDR5 WiFi 6E ProSeries Motherboard

$107.30



ASRock TRX40 Creator DDR4 Socket sTRX4 Motherboard With I/O Shield Tested picture

ASRock TRX40 Creator DDR4 Socket sTRX4 Motherboard With I/O Shield Tested

$199.99



Discussions

No Discussions have been posted on this vulnerability.