← volver
CVE-2016-6174

CVE-2016-6174

EPSS 12.3%
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
Productos afectados
n/a · n/a
PoCs públicas encontradas3
cve_referencepacketstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.htmlno verificadoexploitdbwww.exploit-db.com/exploits/40084no verificadocve_referencewww.exploit-db.com/exploits/40084/no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://karmainsecurity.com/KIS-2016-11http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlhttp://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.htmlhttp://seclists.org/fulldisclosure/2016/Jul/19https://invisionpower.com/release-notes/4113-r44/https://support.apple.com/HT207170https://www.exploit-db.com/exploits/40084/http://www.securityfocus.com/bid/91732