J-Security Center

Title: Invision Power Top Site List Offset SQL Injection Vulnerability

Severity: HIGH

Description:

Invision Power Top Site List is a web application that is implemented in PHP.

Invision Power Top Site List is prone to SQL injection attacks. The vulnerability exists in the 'index.php' script. Input supplied via the 'offset' URI parameter is used in a database query without sufficient sanitization. This may permit remote attackers to influence the logic and structure of database queries. Exploitation could permit compromise of the software, disclosure of sensitive information, or other attacks. Note that exploitation might be limited by the complexity of the affected queries.
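
One way to handle a pagination 'offset' parameter safely in PHP, shown as an added example that is not code from Invision Power Top Site List or from this advisory. The table and column names, the page size, the offset bound, and the function names are all hypothetical, and the data is constructed in an in-memory SQLite database (PHP 8 with PDO SQLite assumed).

```php
<?php
declare(strict_types=1);

// Hypothetical page size and upper bound; tune to the application.
const PAGE_SIZE  = 25;
const MAX_OFFSET = 100000;

// Accept 'offset' only as a plain non-negative decimal integer. ctype_digit()
// rejects signs, exponents, whitespace and arrays that is_numeric() would allow.
function parse_offset(mixed $raw): int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 6) {
        return 0; // fall back to the first page instead of reaching SQL
    }
    return min((int) $raw, MAX_OFFSET);
}

function fetch_sites(PDO $db, int $offset): array
{
    // The value is bound, never concatenated into the query text.
    // PARAM_INT matters for LIMIT/OFFSET: with emulated prepares a value
    // bound as a string is quoted, which some databases reject here.
    $stmt = $db->prepare(
        'SELECT id, name FROM sites ORDER BY votes DESC LIMIT :lim OFFSET :off'
    );
    $stmt->bindValue(':lim', PAGE_SIZE, PDO::PARAM_INT);
    $stmt->bindValue(':off', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sites (id INTEGER PRIMARY KEY, name TEXT, votes INTEGER)');
$ins = $db->prepare('INSERT INTO sites (name, votes) VALUES (?, ?)');
for ($i = 1; $i <= 60; $i++) {
    $ins->execute(["site$i", $i]);
}

// Constructed request values standing in for $_GET['offset'].
foreach (['25', '-1', "25'", '1e3', ['25']] as $raw) {
    $offset = parse_offset($raw);
    printf("%s -> offset %d, %d rows\n", json_encode($raw), $offset, count(fetch_sites($db, $offset)));
}
```

Only the first constructed value is accepted as given; every other one is reduced to offset 0 before any query is prepared.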

Affected Products:

  • Invision Power Services Invision Power Top Site List 1.0.0
  • Invision Power Services Invision Power Top Site List 1.1.0
