SQL Disclosure In Invision Power Board Network Vulnerability

Summary

There is a vulnerability in the current version of Invision Power Board that allows an attacker to reveal the SQL queries used by the product, and any page that was built by the administrator using the IPB's interface, simply by appending the variable 'debug' to the request.

Solution

Upgrade to the newest version of this software.

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Astium VoIP PBX SQL Injection Vulnerability
Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities
Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
A-Blog 'sources/search.php' SQL Injection Vulnerability
b2ePMS Multiple SQL Injection Vulnerabilities

SQL Disclosure in Invision Power Board

Take action and discover your vulnerabilities