CVE-2006-2251 | Vulnerability Database | Aqua Security

SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter.

Affected Software

Name	Vendor	Start Version	End Version
Invision_community_blog	Invision_power_services	1.0 (including)	1.0 (including)
Invision_community_blog	Invision_power_services	1.1 (including)	1.1 (including)
Invision_community_blog	Invision_power_services	1.1.2_final (including)	1.1.2_final (including)
Invision_community_blog	Invision_power_services	1.2 (including)	1.2 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2006-05/0142.html
http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpost
http://secunia.com/advisories/19973
http://www.osvdb.org/25252
http://www.securityfocus.com/archive/1/433076
http://www.securityfocus.com/bid/17851
https://exchange.xforce.ibmcloud.com/vulnerabilities/26290

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2251
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html