Lucene search

[email protected]CVE-2005-1948

HistoryJun 14, 2005 - 4:00 a.m.

CVE-2005-1948

2005-06-1404:00:00

[email protected]

web.nvd.nist.gov

cve-2005-1948

sql injection

invision gallery

remote attackers

arbitrary sql commands

editcomment action

rating parameter

photo

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.3%

JSON

Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.

Affected configurations

NVD

Node

invision_power_servicesinvision_galleryMatch1.0.1

invision_power_servicesinvision_galleryMatch1.3

CPENameOperatorVersion
invision_power_services:invision_galleryinvision power services invision galleryeq1.0.1
invision_power_services:invision_galleryinvision power services invision galleryeq1.3

CPE	Name	Operator	Version
invision_power_services:invision_gallery	invision power services invision gallery	eq	1.0.1
invision_power_services:invision_gallery	invision power services invision gallery	eq	1.3

References

marc.info/?l=bugtraq&m=111834146710329&w=2

www.gulftech.org/?node=research&article_id=00079-06092005

www.securityfocus.com/bid/13907

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.3%

JSON

Related for CVE-2005-1948

nvd1 nessus1 cvelist1