Invision Gallery

invision_gallery

Vendor: Invision Power Services • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-0421 1Invision Power Services 1Invision Gallery Apr 23, 2026 Jan 23, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command.
CVE-2006-6370 1Invision Power Services 1Invision Gallery Apr 23, 2026 Dec 7, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" sta...Show more SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php.Show less
CVE-2006-5206 1Invision Power Services 1Invision Gallery Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery autom...Show more SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.Show less
CVE-2006-5205 1Invision Power Services 1Invision Gallery Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage co...Show more Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.Show less
CVE-2006-2202 1Invision Power Services 1Invision Gallery Apr 16, 2026 May 4, 2006 N/A· v4 N/A· v3 6.4 MEDIUM· v2 SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter.
CVE-2005-3477 1Invision Power Services 1Invision Gallery Apr 16, 2026 Nov 3, 2005 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its...Show more Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery.Show less
CVE-2005-3395 1Invision Power Services 1Invision Gallery Apr 16, 2026 Nov 1, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVE-2005-1948 1Invision Power Services 1Invision Gallery Apr 16, 2026 Jun 9, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when vot...Show more Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.Show less
CVE-2004-1835 1Invision Power Services 1Invision Gallery Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters.