Описание
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-6174
- https://invisionpower.com/release-notes/4113-r44
- https://support.apple.com/HT207170
- https://www.exploit-db.com/exploits/40084
- http://karmainsecurity.com/KIS-2016-11
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
- http://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.html
- http://seclists.org/fulldisclosure/2016/Jul/19
- http://www.securityfocus.com/bid/91732
Связанные уязвимости
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
Уязвимость компонента applications/core/modules/front/system/content.php программное обеспечение для организации веб-форумов Invision Power Board, интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код