Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

Invision Community Blog Multiple Input Validation Vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
Checks for multiple input validation vulnerabilities in Invision Community Blog

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application is vulnerable to
multiple attacks.

Description :

The remote host is running Invision Community Blog, a test for
Invision Power Board that lets users have their own blogs.

The version installed on the remote host fails to properly sanitize
user-supplied data making it prone to multiple SQL injection and
cross-site scripting vulnerabilities. These flaws may allow an
attacker to gain access to sensitive information such as passwords and
cookie data.

See also :

http://www.gulftech.org/?node=research&article_id=00078-06072005

Solution :

Upgrade to Invision Community Blog 1.1.2 Final or greater.

Threat Level:

Low / CVSS Base Score : 3
(AV:R/AC:L/Au:R/C:P/A:N/I:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.