CVE-2005-1948

Published: Jun 9, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.

Affected (2)

Products: Invision Power Services: Invision Gallery

Invision Power Services

1 product

Invision Gallery

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Invision Power Services Invision Gallery	Version 1.0.1
Invision Power Services Invision Gallery	Version 1.3

References (6)

http://marc.info/?l=bugtraq&m=111834146710329&w=2

Source: cve@mitre.org

http://www.gulftech.org/?node=research&article_id=00079-06092005

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://www.securityfocus.com/bid/13907

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=111834146710329&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gulftech.org/?node=research&article_id=00079-06092005

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://www.securityfocus.com/bid/13907

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.