CVE-2016-6174

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:invisioncommunity:invision_power_board:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*

History

21 Nov 2024, 02:55

Type Values Removed Values Added
References () http://karmainsecurity.com/KIS-2016-11 - Exploit () http://karmainsecurity.com/KIS-2016-11 - Exploit
References () http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html - () http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html -
References () http://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.html - () http://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.html -
References () http://seclists.org/fulldisclosure/2016/Jul/19 - Exploit () http://seclists.org/fulldisclosure/2016/Jul/19 - Exploit
References () http://www.securityfocus.com/bid/91732 - () http://www.securityfocus.com/bid/91732 -
References () https://invisionpower.com/release-notes/4113-r44/ - () https://invisionpower.com/release-notes/4113-r44/ -
References () https://support.apple.com/HT207170 - () https://support.apple.com/HT207170 -
References () https://www.exploit-db.com/exploits/40084/ - () https://www.exploit-db.com/exploits/40084/ -

Information

Published : 2016-07-12 19:59

Updated : 2024-11-21 02:55


NVD link : CVE-2016-6174

Mitre link : CVE-2016-6174

CVE.ORG link : CVE-2016-6174


JSON object : View

Products Affected

php

  • php

invisioncommunity

  • invision_power_board