Invision PowerBoard < 2.0.3 SQL Injection
High Nessus Network Monitor Plugin ID 2422
Synopsis
The remote host is running a vulnerable version of Invision Power Board, a CGI suite designed to set up a bulletin board system on the remote web server.
Description
The remote host is running Invision Power Board, a CGI suite designed to set up a bulletin board system on the remote web server.
A vulnerability has been discovered in the remote version of this software that may allow unauthorized users to inject SQL commands into the remote SQL database.
An attacker may use this flaw to gain control of the remote database and possibly to overwrite files on the remote host.
In addition, a remote HTML injection flaw has been identified within Invision Power Board. An attacker exploiting this flaw would be able to control the way that the website is presented. In order to exploit such a vulnerability, the attacker would need to be able to convince a user to visit a malicious website.
Solution
Upgrade to version 2.0.3 or higher.