Invision Gallery 2.0.7 Index.PHP IMG Parameter SQL Injection Vulnerability

ID SSV:82733
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


Invision Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. 

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. OR id IN (SELECT BENCHMARK(10000000,BENCHMARK(10000000,md5(current_date))) FROM ipb_gallery_images )