| VID |
21831 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Dragoran Portal module for IPB is vulnerable to an SQL injection vulnerability in the site parameter. Invision Power Board is a PHP-based Web forum software package, distributed by Invision Power Services, Inc.. Dragoran Portal module version 1.3 and earlier versions for Invision Power Board (IPB) could allow a remote attacker to execute arbitrary SQL commands via the site parameter in the index.php script. This vulnerability could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* References:
http://www.frsirt.com/english/advisories/2006/0396
* Platforms Affected:
Invisionize.com, Dragoran Portal version 1.3 and earlier versions
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of February 2006.
Upgrade to a version of Dragoran Portal (greater than 1.3), when new version fixed this problem becomes available from the Invisionize.com Web site at http://mods.invisionize.com/db/index.php?f=1314 |
| Related URL |
CVE-2006-0520 (CVE) |
| Related URL |
16447 (SecurityFocus) |
| Related URL |
24404 (ISS) |
|
