Unrated severityNVD Advisory· Published Oct 10, 2006· Updated Apr 23, 2026

CVE-2006-5206

Description

SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.

Affected products

Invision Power Services/Invision Gallery6 versions
cpe:2.3:a:invision_power_services:invision_gallery:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:invision_power_services:invision_gallery:*:*:*:*:*:*:*:*range: <=2.0.7
- cpe:2.3:a:invision_power_services:invision_gallery:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_gallery:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_gallery:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_gallery:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:invision_power_services:invision_gallery:2.0.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000