Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1948 — SQL Injection in Power Services Invision Gallery

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 41.85%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Invision Power Services Invision Gallery

Timeline

PublishedJun 9

Latest updateMay 1

Description

Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDinvision_power_services/invision_gallery1.0.1, 1.3+1

Patches

Patch: www.gulftech.org ↗Patch: www.gulftech.org ↗

🔴Vulnerability Details

GHSA

GHSA-7qxc-g673-56cv: Multiple SQL injection vulnerabilities in Invision Gallery before 1↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection↗2005-06-09

▶