CVE-2006-6370 : SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause

SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php.

Published 2006-12-07 17:28:00

Updated 2018-10-17 21:47:56

Source MITRE

View at NVD, CVE.org

Vulnerability category: Sql InjectionDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2006-6370

Probability of exploitation activity in the next 30 days: 0.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 53 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-6370

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-6370

Products affected by CVE-2006-6370

Invision Power Services » Invision Gallery » Version: 2.0.7
cpe:2.3:a:invision_power_services:invision_gallery:2.0.7:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-6370

Exploit prediction scoring system (EPSS) score for CVE-2006-6370

CVSS scores for CVE-2006-6370

References for CVE-2006-6370

Products affected by CVE-2006-6370