EIP-2026-107937

This is a writeup describing an SQL injection vulnerability in Invision Power Top Site List. The vulnerability occurs in the 'comment' feature, allowing arbitrary SQL queries to be executed via the 'id' parameter in the URL.