| VID |
21690 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of Invision Community Blog older than version 1.1.2 Final appears to be installed on the host. Invision Community Blog is a blogging plug-in for Invision Power Board. Invision Community Blog versions prior to 1.1.2 Final are vulnerable to multiple input validation vulnerabilities, which can be exploited by a remote attacker to conduct cross-site scripting and SQL injection attacks.
1) Multiple SQL Injection Vulnerabilities: Invision Community Blog before 1.1.2 Final allows a remote attacker to execute arbitrary SQL commands via the eid parameter in an editentry, replyentry or editcomment action, or the mid parameter in an aboutme action. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) A Cross-Site Scripting Vulnerability: Input passed to the convert_highlite_words function isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
* References:
  http://marc.theaimsgroup.com/?l=bugtraq&m=111833601302752&w=2
  http://www.gulftech.org/?node=research&article_id=00078-06072005
  http://secunia.com/advisories/15626
* Platforms Affected:
  Invision Power Services, Inc., Invision Community Blog versions prior to 1.1.2 Final
  Any operating system, any version |
| Recommendation |
Upgrade to the latest version of Invision Community Blog (1.1.2 Final or later), available from the Invision Community Blog Download Web page at http://www.invisionblog.com/download_blog/ |
| Related URL |
CVE-2005-1945, CVE-2005-1946 (CVE) |
| Related URL |
13910 (SecurityFocus) |
| Related URL |
20964, 20965 (ISS) |
|