source: https://www.securityfocus.com/bid/9945/info
It has been reported that Top Site List may be prone to an SQL injection vulnerability that may allow remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. The issue exists due to insufficient sanitizing of the 'id' URI parameter when using the 'comments' feature in 'index.php' script.
Invision Power Top Site List versions 1.1 RC 2 and prior are reported prone to this issue.
index.php?act=comments&id=[Evil_Query]