Invision Power Board ssi.php f Parameter SQL Injection

high Nessus Plugin ID 12268

Language:

Synopsis

The remote web server contains a PHP script that is affected by a SQL injection vulnerability.

Description

A vulnerability exists in the version of Invision Power Board on the remote host such that unauthorized users can inject SQL commands through the 'ssi.php' script. An attacker may use this flaw to gain the control of the remote database.

Solution

Unknown at this time.

See Also

https://seclists.org/bugtraq/2004/Jun/124

Plugin Details

Severity: High

ID: 12268

File Name: invision_power_board_ssi_sql_injection.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 6/11/2004

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:invisionpower:invision_power_board

Required KB Items: www/invision_power_board

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 10511