CVE-2006-6370

Name of the Vulnerable Software and Affected Versions Invision Gallery version 2.0.7

Description The issue allows remote attackers to cause a denial of service and possibly have other impacts via a SQL injection vulnerability. This is demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in "index.php".

Recommendations For Invision Gallery version 2.0.7, as a temporary workaround, consider restricting access to the post.php file in the forum/modules/gallery directory until a patch is available. Avoid using the img parameter in the affected API endpoint until the issue is resolved.