Invision.Power.Board.Army.Index.PHP.SQL.Injection
Description
Invision Power Board Army System Mod has a SQL-injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to the "index.php" script, with injecting SQL statements in the "userstat" parameter.
Affected Products
Invision Power Board Army System Mod version 2.1 and prior.
Impact
Data Manipulation.
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://mods.invisionize.com/db/index.php/f/3347
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-11 | 16.978 |