Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-3395. PoCs published by almaster.
AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Invision Gallery due to improper input sanitization. The exploit involves appending malicious SQL code to the 'st' parameter in the URL.
Description
SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by almaster · textwebappsphp
https://www.exploit-db.com/exploits/26438
The provided text describes an SQL injection vulnerability in Invision Gallery due to improper input sanitization. The exploit involves appending malicious SQL code to the 'st' parameter in the URL.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target:
Invision Gallery (version not specified)
No auth needed
Prerequisites:
Access to the vulnerable application URL
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/415297
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20419
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17375
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15240
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22928
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2257
Scores
EPSS
0.0254
EPSS Percentile
82.9%
Details
Status
published
Products (1)
invision_power_services/invision_gallery
2.0.3
Published
Nov 01, 2005
Tracked Since
Feb 18, 2026