Skip to main content

Ips Community Suite

3 CVEs product

Monthly

CVE-2021-32924 HIGH POC THREAT This Week

Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Ips Community Suite
NVD
CVSS 3.1
8.8
EPSS
19.9%
CVE-2021-3025 HIGH POC This Week

Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ips Community Suite
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-3026 MEDIUM This Month

Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ips Community Suite
NVD
CVSS 3.1
6.1
EPSS
0.6%
EPSS 20% CVSS 8.8
HIGH POC THREAT This Week

Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ips Community Suite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ips Community Suite
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy