CVE-2006-5206

Name of the Vulnerable Software and Affected Versions Invision Gallery version 2.0.7

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the album parameter in API endpoints such as "index.php" and "forum/index.php", specifically when the rate command in the gallery automodule is used.

Recommendations For Invision Gallery version 2.0.7, consider restricting access to the album parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the rate command in the gallery automodule to minimize the risk of exploitation.