A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user.
References
Link | Resource |
---|---|
https://invisioncommunity.com/release-notes/462-r99/ | Release Notes Vendor Advisory |
https://invisioncommunity.com/release-notes/462-r99/ | Release Notes Vendor Advisory |
Configurations
History
21 Nov 2024, 06:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://invisioncommunity.com/release-notes/462-r99/ - Release Notes, Vendor Advisory |
Information
Published : 2022-06-13 18:15
Updated : 2024-11-21 06:24
NVD link : CVE-2021-40604
Mitre link : CVE-2021-40604
CVE.ORG link : CVE-2021-40604
JSON object : View
Products Affected
invisioncommunity
- ips_community_suite
CWE
CWE-918
Server-Side Request Forgery (SSRF)