CVE-2005-1946 Information

Description

Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry replyentry or editcomment action or (2) the mid parameter to an aboutme action.

Reference

http://marc.info/?l=bugtraq&m=111833601302752&w=2 http://secunia.com/advisories/15626 http://www.gulftech.org/?node=research&article_id=00078-06072005