IPB <= 2.1.5 SQL inj. vuln.
Vuln. discovered by : r0t Date: 19 april 2006 vendorlink:http://www.invisionboard.com/ affected versions:2.1.5 and previous orginal advisory: http://pridels.blogspot.com/2006/04/ipb-215-sql-inj-vuln.html
IPB contains a flaw that allows a remote sql injection attacks.Input passed to the "st" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Solution: Edit the source code to ensure that input is properly sanitised.
More information @ unsecured-systems.com/forum/