CVE-2004-1835

Published: 31/12/2004 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote malicious users to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters.

Vulnerable Product

invision power services invision gallery 1.0.1

Exploits

Invision Power Top Site List SQL Injection
Vendor: Invision Power Services
Product: Invision Power Top Site List
Version: <= 11 RC 2
Website: www.invisiontsl.com/
BID: 9945
Description: Invision Power Top Site List is a flexible site ranking script written in PHP, the popular programming choice for web developers. Featuring an impres ...

source: www.securityfocus.com/bid/9944/info
It has been reported that Invision Gallery may be prone to multiple SQL injection vulnerabilities, allowing an attacker to influence SQL query logic. The issues exist due to insufficient sanitization of user-supplied data via the 'img', 'cat', 'sort_key', 'order_key', 'user' and 'album' parameters ...