Intrusion Prevention

Invision.Power.Board.Portal.Index.PHP.SQL.Injection

Description

Dragoran Portal module 1.3 for Invision Power Board (IPB) has a SQL-injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to the "index.php" script, with injected SQL statements in the "site" parameter.

Affected Products

Dragoran Portal (module for IPB) version 1.3 and prior.

Impact

Data Manipulation.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://mods.invisionize.com/db/index.php/f/1314

CVE References

CVE-2006-0520