CVE-2016-6174
published 2016-07-12CVE-2016-6174: applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before…
PriorityP264high8.1CVSS 3.0
AVNACHPRNUINSUCHIHAH
EXPLOIT
EPSS
12.29%
95.7th percentile
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_sierra | — | — |
| invisioncommunity | invision_power_board | <= 4.1.12.3 | — |
| php | php | <= 5.4.23 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
Detection & IOCsextracted from sources · hover to see the quote
urlindex.php?app=core&module=system&controller=content&do=find&content_class=cms\Fields1{}phpinfo();/*↗
- →Monitor HTTP requests for the 'content_class' parameter containing namespace separator characters, curly braces, or PHP function calls (e.g. 'cms\Fields' followed by digits and injected PHP code), targeting the endpoint app=core&module=system&controller=content&do=find ↗
- →Alert on HTTP requests where 'content_class' parameter value matches the pattern 'cms\Fields<digit>{...}' as this triggers the vulnerable eval() code path in Application.php ↗
- →Exploitation is only possible against IPS Community Suite running on PHP < 5.4.24 or PHP 5.5.x < 5.5.8; fingerprint target PHP version to prioritize triage ↗
- ·Exploitation requires the CMS application to be installed and active, as the vulnerable autoloader is defined in /applications/cms/Application.php — instances without the CMS app are not exploitable via this vector ↗
- ·The vulnerability is only exploitable on PHP versions before 5.4.24 or 5.5.x before 5.5.8; modern PHP versions are not affected ↗
- ·The attack is unauthenticated — no session or login is required for exploitation ↗
CVSS provenance
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Apple
CVE-2016-6174: macOS Sierra 10.12
vendor_apple·2016-09-20·CVSS 8.1
CVE-2016-6174 [HIGH] CVE-2016-6174: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-6174
Component: CVE-2016-6174
GHSA
GHSA-wpfq-fvm4-44jm: applications/core/modules/front/system/content
ghsa_unreviewed·2022-05-13
CVE-2016-6174 [HIGH] GHSA-wpfq-fvm4-44jm: applications/core/modules/front/system/content
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
No detection rules found.
No writeups or analysis indexed.
http://karmainsecurity.com/KIS-2016-11http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlhttp://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.htmlhttp://seclists.org/fulldisclosure/2016/Jul/19http://www.securityfocus.com/bid/91732https://invisionpower.com/release-notes/4113-r44/https://support.apple.com/HT207170https://www.exploit-db.com/exploits/40084/http://karmainsecurity.com/KIS-2016-11http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlhttp://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.htmlhttp://seclists.org/fulldisclosure/2016/Jul/19http://www.securityfocus.com/bid/91732https://invisionpower.com/release-notes/4113-r44/https://support.apple.com/HT207170https://www.exploit-db.com/exploits/40084/
2016-07-12
Published