Invision Power Board Search.PHP "st" SQL Injection Vulnerability

It has been reported that an input validation error with the potential for use in a SQL injection attack is present in the "search.php" script. Consequently, malicious users may corrupt the resulting SQL queries (there are at least two) by specially crafting a value for the "st" variable. The impact of this vulnerability depends on the underlying database. It may be possible to corrupt/read sensitive data, execute commands/procedures on the database server or possibly exploit vulnerabilities in the database itself through this condition.

It has been reported that this issue may also affect the 'sources/Memberlist.php' and the 'sources/Online.php' scripts.


Privacy Statement
Copyright 2010, SecurityFocus