CVE-2016-6174

high-risk
Published 2016-07-12

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.

Do I need to act?

!
19.8% chance of exploitation in next 30 days
EPSS score — higher than 80% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
40084
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (20)

Php
Php
Php
Php
Php
Php
Php
Invision Power Board
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php

Affected Vendors

Php Invisioncommunity

References (16)

Exploit http://karmainsecurity.com/KIS-2016-11
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Cod...
Exploit http://seclists.org/fulldisclosure/2016/Jul/19
http://www.securityfocus.com/bid/91732
https://invisionpower.com/release-notes/4113-r44/
https://support.apple.com/HT207170
https://www.exploit-db.com/exploits/40084/
Exploit http://karmainsecurity.com/KIS-2016-11
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Cod...
Exploit http://seclists.org/fulldisclosure/2016/Jul/19
http://www.securityfocus.com/bid/91732
https://invisionpower.com/release-notes/4113-r44/
https://support.apple.com/HT207170
https://www.exploit-db.com/exploits/40084/
58
/ 100
high-risk
Severity 24/34 · High
Exploitability 14/34 · Moderate
Exposure 20/34 · Moderate