Invision · Invision Gallery · CVE-2006-5205
**Name of the Vulnerable Software and Affected Versions**
Invision Gallery version 2.0.7
**Description**
A directory traversal issue allows remote attackers to read arbitrary files by using a .. (dot dot) sequence in the `dir` parameter in "index.php" and "forum/index.php", when the `viewimage` command in the gallery module is used.
**Recommendations**
For Invision Gallery version 2.0.7, consider restricting access to the `dir` parameter in the affected scripts "index.php" and "forum/index.php" to minimize the risk of exploitation. As a temporary workaround, avoid using the `viewimage` command in the gallery module until a patch is available.
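
The following is an added example, not code from Invision or from the original advisory: a log check that flags requests to the affected scripts where `viewimage` is requested and the decoded `dir` value contains a `..` path segment. The log lines are constructed, and the `cmd` parameter name and the access-log format are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script names come from the advisory ("/forum/index.php" also ends in "/index.php").
AFFECTED_SCRIPTS = ("/index.php", "/forum/index.php")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines; the "cmd" parameter name is an assumption.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2006:10:00:00 +0000] "GET /index.php?cmd=viewimage&dir=../../x/ HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Oct/2006:10:00:05 +0000] "GET /forum/index.php?cmd=viewimage&dir=%252e%252e%252f HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Oct/2006:10:01:00 +0000] "GET /index.php?cmd=viewimage&dir=gallery_1/ HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Oct/2006:10:01:30 +0000] "GET /index.php?cmd=viewimage&dir=my..album/ HTTP/1.1" 200 2048',
    '198.51.100.8 - - [01/Oct/2006:10:02:00 +0000] "GET /index.php?showtopic=5 HTTP/1.1" 200 4096',
]

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding, e.g. %252e -> %2e -> '.'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_request(target):
    """True if the request target hits an affected script, asks for
    viewimage, and carries a `dir` value with a '..' path segment."""
    parts = urlsplit(target)
    if not parts.path.endswith(AFFECTED_SCRIPTS):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    values = [decode_fully(v) for vs in params.values() for v in vs]
    if "viewimage" not in values:
        return False
    # Split on both separators so "..\" is caught as well as "../".
    return any(".." in re.split(r"[\\/]", decode_fully(d))
               for d in params.get("dir", []))

def flag_lines(lines):
    """Return the log lines whose request matches the traversal pattern."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_traversal_request(m.group(1)):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for hit in flag_lines(SAMPLE_LOG):
        print(hit)
```

Matching on whole path segments rather than the substring `..` keeps names such as `my..album` from being flagged, while the repeated decoding catches double-encoded separators.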