• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Invision Community Blog EID Parameter SQL Injection Vulnerability

Invision Community Blog is reported prone to SQL injection attacks. User-supplied input supplied through the 'eid' URI parameter is used in a database query without sufficient sanitization.

An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.

All versions of Invision Community Blog are considered vulnerable to this issue.