SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Invision_gallery | Invision_power_services | * | 2.0.7 (including) |
Invision_gallery | Invision_power_services | 1.0.1 (including) | 1.0.1 (including) |
Invision_gallery | Invision_power_services | 1.3 (including) | 1.3 (including) |
Invision_gallery | Invision_power_services | 1.3.1 (including) | 1.3.1 (including) |
Invision_gallery | Invision_power_services | 2.0.3 (including) | 2.0.3 (including) |
Invision_gallery | Invision_power_services | 2.0.6 (including) | 2.0.6 (including) |