5 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command. Vulnerabilidad de inyección SQL en Invision Gallery 2.0.7 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro album en un comando rate. • https://www.exploit-db.com/exploits/4966 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0EPSS: 2%CPEs: 6EXPL: 2

Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used. Vulnerabilidad de escalada de directorio en Invision Gallery 2.0.7 permite a atacantes remotos leer archivos de su elección mediante una secuencia .. (punto punto) en el parámetro dir en (1) index.php y (2) forum/index.php, cuando se usa el comando viewimage en el módulo de galería. • https://www.exploit-db.com/exploits/2473 http://secunia.com/advisories/22400 http://www.securityfocus.com/bid/20328 https://exchange.xforce.ibmcloud.com/vulnerabilities/29334 •

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 2

SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used. Vulnerabilidad de inyección SQL en Invision Gallery 2.0.7 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro album en (2) index.php y (2) forum/index.php, cuando se usa el comando rate en el automódulo galería. • https://www.exploit-db.com/exploits/2473 http://secunia.com/advisories/22400 http://www.securityfocus.com/bid/20327 https://exchange.xforce.ibmcloud.com/vulnerabilities/29333 •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0519.html http://secunia.com/advisories/17393 http://securityreason.com/securityalert/105 http://www.securityfocus.com/bid/15286 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2

SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter. • https://www.exploit-db.com/exploits/26438 http://secunia.com/advisories/17375 http://www.osvdb.org/20419 http://www.securityfocus.com/archive/1/415297 http://www.securityfocus.com/bid/15240 http://www.vupen.com/english/advisories/2005/2257 https://exchange.xforce.ibmcloud.com/vulnerabilities/22928 •