Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1948

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1948
Last Modified 05 Sep 2008 04:50:30
Published 09 Jun 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1948

Summary

Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.

Vulnerable Systems

Application

  • Invision Power Services Invision Gallery 1.0.1

  • Invision Power Services Invision Gallery 1.3


References

MISC - http://www.gulftech.org/?node=research&article_id=00079-06092005

BUGTRAQ - 20050609 Invision Gallery Vulnerabilities

BID - 13907


Last Updated: 27 May 2016 10:40:21