Re: Invision Gallery 2.0.7 SQL Injection Vulnerability

To fix this, you would need to change forum/modules/gallery/post.php at about line 153 from if( $this->ipsclass->input['op'] == 'doaddcomment' ) { $this->process_reply( $this->ipsclass->input['img'] ); } else { $this->reply_form( $this->ipsclass->input['img'] ); } to $img = in

Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability

Thanks for sharing! Quick fix is to edit file forum/modules/blog/lib/entry_reply_entry.php and change the following code (line 52 for me) 'where' => "entry_id = {$this->ipsclass->input['eid']}" to