Description
Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by GulfTech Security · textwebappsphp
https://www.exploit-db.com/exploits/25806
References (3)
Core 3
Core References
Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00079-06092005
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13907
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111834146710329&w=2
Scores
EPSS
0.0036
EPSS Percentile
58.1%
Details
Status
published
Products (2)
invision_power_services/invision_gallery
1.0.1
invision_power_services/invision_gallery
1.3
Published
Jun 09, 2005
Tracked Since
Feb 18, 2026