CVE-2006-5205

Invision Gallery 2.0.7 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5205. PoCs published by 1nf3ct0r.

AI-analyzed exploit summary This exploit targets CVE-2006-5206 in Invision Gallery 2.0.7, leveraging a directory traversal vulnerability (ReadFile) and SQL injection to extract sensitive files and database information. It crafts HTTP requests to exploit these flaws and retrieves responses for analysis.

Description

Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.

Exploits (1)

exploitdb WORKING POC VERIFIED

by 1nf3ct0r · cwebappsphp

https://www.exploit-db.com/exploits/2473

View Code ZIP pw:eip

This exploit targets CVE-2006-5206 in Invision Gallery 2.0.7, leveraging a directory traversal vulnerability (ReadFile) and SQL injection to extract sensitive files and database information. It crafts HTTP requests to exploit these flaws and retrieves responses for analysis.

Classification

Working Poc 95%

Attack Type

Info Leak | Sqli

Complexity

Moderate

Reliability

Reliable

Target: Invision Gallery 2.0.7

No auth needed

Prerequisites: Network access to the target · Target running Invision Gallery 2.0.7

MITRE ATT&CK

T1005 - Data from Local System T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/2473

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/29334

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22400

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/20328

Scores

EPSS 0.0273

EPSS Percentile 84.2%

Details

Status published

Products (6)

invision_power_services/invision_gallery 1.0.1

invision_power_services/invision_gallery 1.3

invision_power_services/invision_gallery 1.3.1

invision_power_services/invision_gallery 2.0.3

invision_power_services/invision_gallery 2.0.6

invision_power_services/invision_gallery 2.0.7

Published Oct 10, 2006

Tracked Since Feb 18, 2026