← voltar
CVE-2016-6174

CVE-2016-6174

EPSS 12.3%
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
Produtos afetados
n/a · n/a
PoCs públicas encontradas3
cve_referencepacketstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/40084não verificadocve_referencewww.exploit-db.com/exploits/40084/não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://karmainsecurity.com/KIS-2016-11http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlhttp://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.htmlhttp://seclists.org/fulldisclosure/2016/Jul/19https://invisionpower.com/release-notes/4113-r44/https://support.apple.com/HT207170https://www.exploit-db.com/exploits/40084/http://www.securityfocus.com/bid/91732