Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1835SQL Injection in Power Services Invision Gallery

4 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 31.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Invision Power Services Invision Gallery
Timeline
PublishedDec 31
Latest updateApr 29

Description

Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-64r9-wcqr-wq62: Multiple SQL injection vulnerabilities in index2022-04-29

💥Exploits & PoCs

2
Exploit-DB
Invision Power Services Invision Gallery 1.0.1 - Multiple SQL Injections2004-03-23
Exploit-DB
Invision Gallery < 1.0.1 - SQL Injection2004-03-21