Vulnerability Description
SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invision Power Services | Invision Community Blog | 1.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0142.htmlPatch
- http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpostPatch
- http://secunia.com/advisories/19973PatchVendor Advisory
- http://www.osvdb.org/25252
- http://www.securityfocus.com/archive/1/433076Patch
- http://www.securityfocus.com/bid/17851ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26290
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0142.htmlPatch
- http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpostPatch
- http://secunia.com/advisories/19973PatchVendor Advisory
- http://www.osvdb.org/25252
- http://www.securityfocus.com/archive/1/433076Patch
- http://www.securityfocus.com/bid/17851ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26290
FAQ
What is CVE-2006-2251?
CVE-2006-2251 is a vulnerability with a CVSS score of 6.4 (MEDIUM). SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL comma...
How severe is CVE-2006-2251?
CVE-2006-2251 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2251?
Check the references section above for vendor advisories and patch information. Affected products include: Invision Power Services Invision Community Blog.