 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.15778 |
| Category: | CGI abuses |
| Title: | Invision Power Board Post SQL Injection Vulnerability |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is running Invision Power Board - a CGI suite designed to set up a bulletin board system on the remote web server. There is a vulnerability has been discovered in the remote version of this software, which may allow unauthorized users to inject SQL commands in the remote SQL database. An attacker may use this flaw to gain the control of the remote database and possibly to overwrite files on the remote host. Solution : Upgrade to the latest version of this software Risk factor : High |
| Cross-Ref: |
BugTraq ID: 11703 Common Vulnerability Exposure (CVE) ID: CVE-2004-1531 http://www.securityfocus.com/bid/11703 Bugtraq: 20041118 [MaxPatrol] SQL-injection in Invision Power Board 2.x (Google Search) http://marc.info/?l=bugtraq&m=110079592702417&w=2 Bugtraq: 20050425 SQL-injections in Invision Power Board v2.0.1 (Google Search) http://marc.info/?l=bugtraq&m=111454805209191&w=2 Bugtraq: 20050427 Re: SQL-injections in Invision Power Board v2.0.1 (Google Search) http://marc.info/?l=bugtraq&m=111462421824202&w=2 http://secunia.com/advisories/13245 XForce ISS Database: invisionpowerboard-sql-injection(18164) https://exchange.xforce.ibmcloud.com/vulnerabilities/18164 |
| Copyright | This script is Copyright (C) 2004 Tenable Network Security |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |