Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-6174Invision Power Board vulnerability

5 documents5 sources
Severity
8.1HIGHNVD
EPSS
19.8%
top 4.54%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Invisioncommunity Invision Power BoardPHP
Timeline
PublishedJul 12
Latest updateMay 13

Description

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

NVDphp/php5.4.23+8

🔴Vulnerability Details

2
GHSA
GHSA-wpfq-fvm4-44jm: applications/core/modules/front/system/content2022-05-13
CVEList
CVE-2016-6174: applications/core/modules/front/system/content2016-07-12

💥Exploits & PoCs

1
Exploit-DB
IPS Community Suite 4.1.12.3 - PHP Code Injection2016-07-11

📋Vendor Advisories

1
Apple
CVE-2016-6174: macOS Sierra 10.122016-09-20
CVE-2016-6174 — Invision Power Board vulnerability | cvebase