CVE-2006-5205

Published: 10/10/2006 Updated: 19/10/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote malicious users to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.

Vulnerable Product

invision power services invision gallery 1.3.1

invision power services invision gallery 1.0.1

invision power services invision gallery 1.3

invision power services invision gallery 2.0.6

invision power services invision gallery 2.0.7

invision power services invision gallery 2.0.3

Exploits

/* hellknightsvoidru (c)oded by _1nf3ct0r_ Invision Gallery => 207 ReadFile() & SQL injection exploit +---------- ...