Vulnerabilities > CVE-2006-5205 - Directory Traversal vulnerability in Invision Gallery
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Exploit-Db
description | Invision Gallery <= 2.0.7 ReadFile() & SQL Injection Exploit. CVE-2006-5205,CVE-2006-5206. Webapps exploit for php platform |
file | exploits/php/webapps/2473.c |
id | EDB-ID:2473 |
last seen | 2016-01-31 |
modified | 2006-10-03 |
platform | php |
port | |
published | 2006-10-03 |
reporter | 1nf3ct0r |
source | https://www.exploit-db.com/download/2473/ |
title | Invision Gallery <= 2.0.7 ReadFile & SQL Injection Exploit |
type | webapps |