CVE-2006-5206

Invision Gallery 2.0.7 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5206. PoCs published by 1nf3ct0r.

AI-analyzed exploit summary This exploit targets CVE-2006-5206 in Invision Gallery 2.0.7, leveraging a directory traversal vulnerability (ReadFile) and SQL injection to extract sensitive files and database information. It crafts HTTP requests to exploit these flaws and retrieves responses for analysis.

Description

SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.

Exploits (1)

exploitdb WORKING POC VERIFIED

by 1nf3ct0r · cwebappsphp

https://www.exploit-db.com/exploits/2473

View Code ZIP pw:eip

This exploit targets CVE-2006-5206 in Invision Gallery 2.0.7, leveraging a directory traversal vulnerability (ReadFile) and SQL injection to extract sensitive files and database information. It crafts HTTP requests to exploit these flaws and retrieves responses for analysis.

Classification

Working Poc 95%

Attack Type

Info Leak | Sqli

Complexity

Moderate

Reliability

Reliable

Target: Invision Gallery 2.0.7

No auth needed

Prerequisites: Network access to the target · Target running Invision Gallery 2.0.7

MITRE ATT&CK

T1005 - Data from Local System T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/2473

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22400

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/20327

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/29333

Scores

EPSS 0.0106

EPSS Percentile 60.2%

Details

Status published

Products (6)

invision_power_services/invision_gallery 1.0.1

invision_power_services/invision_gallery 1.3

invision_power_services/invision_gallery 1.3.1

invision_power_services/invision_gallery 2.0.3

invision_power_services/invision_gallery 2.0.6

invision_power_services/invision_gallery < 2.0.7

Published Oct 10, 2006

Tracked Since Feb 18, 2026