CVE-2006-5206 | Vulnerability Database | Aqua Security

SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.

Affected Software

Name	Vendor	Start Version	End Version
Invision_gallery	Invision_power_services	*	2.0.7 (including)
Invision_gallery	Invision_power_services	1.0.1 (including)	1.0.1 (including)
Invision_gallery	Invision_power_services	1.3 (including)	1.3 (including)
Invision_gallery	Invision_power_services	1.3.1 (including)	1.3.1 (including)
Invision_gallery	Invision_power_services	2.0.3 (including)	2.0.3 (including)
Invision_gallery	Invision_power_services	2.0.6 (including)	2.0.6 (including)

References

http://secunia.com/advisories/22400
http://www.securityfocus.com/bid/20327
https://exchange.xforce.ibmcloud.com/vulnerabilities/29333
https://www.exploit-db.com/exploits/2473
http://secunia.com/advisories/22400
http://www.securityfocus.com/bid/20327
https://exchange.xforce.ibmcloud.com/vulnerabilities/29333
https://www.exploit-db.com/exploits/2473

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-5206
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html