Multiple SQL injection vulnerabilities in Invision Blog prior to 1.1.2 Final allow remote malicious users to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
invision power services invision community blog 1.0 |
||
invision power services invision community blog 1.1 |