SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Invision_power_top_site_list | Invision_power_services | 1.0 (including) | 1.0 (including) |
Invision_power_top_site_list | Invision_power_services | 1.1 (including) | 1.1 (including) |
Invision_power_top_site_list | Invision_power_services | 1.1_rc2 (including) | 1.1_rc2 (including) |