CVE-2016-6174

Sažetak

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.

Reference

http://karmainsecurity.com/KIS-2016-11
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.html
http://seclists.org/fulldisclosure/2016/Jul/19
http://www.securityfocus.com/bid/91732
https://invisionpower.com/release-notes/4113-r44/
https://support.apple.com/HT207170
https://www.exploit-db.com/exploits/40084/

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

03-06-2020 - 14:54

Objavljeno

12-07-2016 - 19:59