Intrusion Prevention

Invision.Power.Board.Army.Index.PHP.SQL.Injection

Description

Invision Power Board Army System Mod has a SQL-injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to the "index.php" script, with injecting SQL statements in the "userstat" parameter.

Affected Products

Invision Power Board Army System Mod version 2.1 and prior.

Impact

Data Manipulation.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://mods.invisionize.com/db/index.php/f/3347

CVE References

CVE-2006-0750