Vulnerabilities > CVE-2005-1948 - SQL Injection vulnerability in Invision Power Services Invision Gallery 1.0.1/1.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | Invision Power Services Invision Gallery 1.0.1/1.3 SQL Injection Vulnerability. CVE-2005-1948. Webapps exploit for php platform |
id | EDB-ID:25806 |
last seen | 2016-02-03 |
modified | 2005-06-09 |
published | 2005-06-09 |
reporter | James Bercegay |
source | https://www.exploit-db.com/download/25806/ |
title | Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | INVISION_GALLERY_SQL_INJECTION.NASL |
description | The remote host is running Invision Gallery, a community-based photo gallery plugin for Invision Power Board. The version installed on the remote host fails to properly sanitize user-supplied data through several parameters, making it prone to multiple SQL injection and cross-site scripting vulnerabilities. These flaws may allow an attacker to delete images and/or albums, discover password hashes, and even affect UPDATE database queries. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18447 |
published | 2005-06-10 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18447 |
title | Invision Gallery < 1.3.1 Multiple SQL Injections |