• info
• discussion
• exploit
• solution
• references

Invision Power Board SSI.PHP SQL Injection Vulnerability

No exploit is required.

A proof-of-concept example was provided by the reporter of this issue:
http://www.example.com/ssi.php?a=out&type=xml&f=0)[SQL-INJECTION]