Family: CGI abuses --> Category: attack
Invision Gallery Multiple Input Validation Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple input validation vulnerabilities in Invision Gallery
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is vulnerable to
The remote host is running Invision Gallery, a community-based photo
gallery for Invision Power Board.
The version installed on the remote host fails to properly sanitize
user-supplied data through several parameters, making it prone to
multiple SQL injection and cross-site scripting vulnerabilities.
These flaws may allow an attacker to delete images and/or albums,
discover password hashes, and even affect UPDATE database queries.
Solution : Upgrade to Invision Gallery 1.3.1 or greater.
Risk factor : Low / CVSS Base Score : 3