Medium severity4.3NVD Advisory· Published Jun 9, 2005· Updated Apr 16, 2026

CVE-2005-1947

Description

Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.

Affected products

Invision Power Services/Gallery
cpe:2.3:a:invisioncommunity:gallery:*:*:*:*:*:*:*:*
Range: <1.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.gulftech.orgnvdBroken LinkExploitPatchVendor Advisory
marc.infonvdMailing List

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000