Vulnerabilities > Invision Power Services > Invision Gallery > 1.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-10 | CVE-2006-5206 | SQL Injection vulnerability in Invision Gallery SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used. | 7.5 |
2006-10-10 | CVE-2006-5205 | Directory Traversal vulnerability in Invision Gallery Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. | 5.0 |