CVE-2006-2251

SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2006-05/0142.html	Patch
http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpost	Patch
http://secunia.com/advisories/19973	Patch Vendor Advisory
http://www.osvdb.org/25252
http://www.securityfocus.com/archive/1/433076	Patch
http://www.securityfocus.com/bid/17851	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/26290

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:invision_power_services:invision_community_blog:1.0:::::::*
	cpe:2.3:a:invision_power_services:invision_community_blog:1.1:::::::*
	cpe:2.3:a:invision_power_services:invision_community_blog:1.1.2_final:::::::*
	cpe:2.3:a:invision_power_services:invision_community_blog:1.2:::::::*

History

No history.

Information

Published : 2006-05-09 10:02

Updated : 2017-07-20 01:31

NVD link : CVE-2006-2251

Mitre link : CVE-2006-2251

CVE.ORG link : CVE-2006-2251

JSON object : View

Products Affected

invision_power_services

invision_community_blog

CWE

NVD-CWE-Other

{"id": "CVE-2006-2251", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-05-09T10:02:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0142.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpost", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19973", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/25252", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/433076", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17851", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26290", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter."}], "lastModified": "2017-07-20T01:31:18.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:invision_power_services:invision_community_blog:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0C85BCF-92B3-4D21-BD75-86D373950E49"}, {"criteria": "cpe:2.3:a:invision_power_services:invision_community_blog:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D266D44-2F49-4A97-BA46-585ED827D6EC"}, {"criteria": "cpe:2.3:a:invision_power_services:invision_community_blog:1.1.2_final:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C335052F-1379-422C-8B2E-8E5AB1F99CBD"}, {"criteria": "cpe:2.3:a:invision_power_services:invision_community_blog:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B01E1174-734E-45CF-BD41-4D6731D401DB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.4 /10