9 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command. Vulnerabilidad de inyección SQL en Invision Gallery 2.0.7 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro album en un comando rate. • https://www.exploit-db.com/exploits/4966 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php. Vulnerabilidad de inyección SQL en forum/modules/gallery/post.php en Invision Gallery 2.0.7 permite a atacantes remotos provocar una denegación de servicio y la posibilidad de causar otros impactos, como el demostrado usando la sentencia "SELECT BENCHMARK" en el parámetro img en la operación doaddcomment del index.php. • http://www.securityfocus.com/archive/1/453167/100/100/threaded http://www.securityfocus.com/archive/1/453468/100/0/threaded •

CVSS: 5.0EPSS: 2%CPEs: 6EXPL: 2

Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used. Vulnerabilidad de escalada de directorio en Invision Gallery 2.0.7 permite a atacantes remotos leer archivos de su elección mediante una secuencia .. (punto punto) en el parámetro dir en (1) index.php y (2) forum/index.php, cuando se usa el comando viewimage en el módulo de galería. • https://www.exploit-db.com/exploits/2473 http://secunia.com/advisories/22400 http://www.securityfocus.com/bid/20328 https://exchange.xforce.ibmcloud.com/vulnerabilities/29334 •

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 2

SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used. Vulnerabilidad de inyección SQL en Invision Gallery 2.0.7 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro album en (2) index.php y (2) forum/index.php, cuando se usa el comando rate en el automódulo galería. • https://www.exploit-db.com/exploits/2473 http://secunia.com/advisories/22400 http://www.securityfocus.com/bid/20327 https://exchange.xforce.ibmcloud.com/vulnerabilities/29333 •

CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 0

SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter. • http://secunia.com/advisories/19948 http://securityreason.com/securityalert/841 http://securitytracker.com/id?1016019 http://www.osvdb.org/25231 http://www.securityfocus.com/archive/1/432731/100/0/threaded http://www.securityfocus.com/archive/1/432952/100/0/threaded http://www.securityfocus.com/bid/17793 http://www.vupen.com/english/advisories/2006/1655 https://exchange.xforce.ibmcloud.com/vulnerabilities/26224 •