Vulnerabilities > Invision Power Services > Invision Gallery > 1.3

DATE	CVE	VULNERABILITY TITLE	RISK
2006-10-10	CVE-2006-5206	SQL Injection vulnerability in Invision Gallery SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used. network low complexity invision-power-services	7.5
2006-10-10	CVE-2006-5205	Directory Traversal vulnerability in Invision Gallery Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. network low complexity invision-power-services	5.0
2005-06-09	CVE-2005-1948	SQL Injection vulnerability in Invision Power Services Invision Gallery 1.0.1/1.3 Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo. network low complexity invision-power-services	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.