CVE-2016-6174 Information
Description
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://karmainsecurity.com/KIS-2016-11
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.html
http://seclists.org/fulldisclosure/2016/Jul/19
http://www.securityfocus.com/bid/91732
https://invisionpower.com/release-notes/4113-r44/
https://support.apple.com/HT207170
https://www.exploit-db.com/exploits/40084/
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.1
Base Severity
HIGH