Multiple SQL injection vulnerabilities in Invision Gallery prior to 1.3.1 allow remote malicious users to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
invision power services invision gallery 1.0.1 |
||
invision power services invision gallery 1.3 |