ID |
CVE-2005-1948
|
Summary |
Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.5 (as of 18-10-2016 - 03:23) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
|
Last major update |
18-10-2016 - 03:23 |
Published |
09-06-2005 - 04:00 |
Last modified |
18-10-2016 - 03:23 |