[] NeoSense
E X P L O I T S
title author type platform port cve id

Invision Power Top Site List 1.0/1.1 - 'id' SQL Injection

Author: JeiAr
type: webapps
platform: php
port: 
date_added: 2004-03-22 
date_updated: 2013-01-03 
verified: 1 
codes: CVE-2004-1836;OSVDB-16734 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/9945/info

It has been reported that Top Site List may be prone to an SQL injection vulnerability that may allow remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. The issue exists due to insufficient sanitizing of the 'id' URI parameter when using the 'comments' feature in 'index.php' script.

Invision Power Top Site List versions 1.1 RC 2 and prior are reported prone to this issue.

index.php?act=comments&id=[Evil_Query]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.