RST/GHC advisory#41
Product: Invision Power Board
Version: 2.1 <= 2.1.6
Vendor: INVISION Power Service
URL: http://www.invisionpower.com
VULNERABILITY CLASS: SQL injection
[Product Description]
Invision Power Board, an award-winning scaleable bulletin board system,
written in PHP, uses SQL database.
"Invision Power Board is packed with useful features that enable you to
quickly and painlessly configure and manage every aspect of your board."
[Summary]
Unsufficient sanitazing of the user depend data in HTTP header may lead to
SQL injection attack.
[Details]
Data from HTTP variable CLIENT_IP puts directly to sql statement:
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.