Invision Power Services: >> Invision Gallery >> 2.0.6 Security Vulnerabilities
Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.
CVSS Score
5.0
EPSS Score
0.03
Published
2006-10-10
SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.
CVSS Score
7.5
EPSS Score
0.003
Published
2006-10-10
SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter.
CVSS Score
6.4
EPSS Score
0.007
Published
2006-05-04