cbcvebase.
CVE-2024-30163
published 2024-06-07

CVE-2024-30163: Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php…

Priority: P2 (72), critical; CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 8.68% (94.5th percentile)
Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out Blind SQL Injection attacks.

Affected (1 range)

Vendor: invisioncommunity
Product: invisioncommunity
Version range: >= 4.4.0 < 4.7.16
Fixed in: 4.7.16

Detection & IOCs (extracted from sources)

path: /index.php?/store/
path: applications/nexus/modules/front/store/store.php
command: cat=1&filter[%60%20ON%201%20UNION%20SELECT%20IF(ORD(SUBSTR((1),1,1))%3C126,1,SLEEP(7))%20OR%20%3F%3D%3F%23]=1
  • Detect blind time-based SQL injection attempts targeting the filter[] parameter in POST requests to /index.php?/store/. Look for SLEEP() or IF(ORD(SUBSTR(...))) constructs in the POST body.
  • Monitor for unauthenticated POST requests to /index.php?/store/ with a Content-Type of application/x-www-form-urlencoded containing URL-encoded SQL keywords (UNION, SELECT, SLEEP, ORD, SUBSTR) in the filter[] parameter.
  • Use Shodan/FOFA queries to identify exposed Invision Community instances as potential targets: Shodan: html:"invision community"; FOFA: body="invision community".
  • A response duration >= 7 seconds combined with a body containing 'invision community' (case-insensitive) is a strong indicator of successful blind time-based SQLi exploitation.
  • The vulnerability is exploitable by unauthenticated attackers, meaning no session cookie or authentication token is required; perimeter controls relying on authentication checks will not block this attack.
  • The vulnerable code path is specifically within the _categoryView() method of the Nexus (store) module; only installations with the Nexus/Commerce application enabled are affected.
  • The exploit uses a time-based blind technique with a 7-second SLEEP threshold; WAF rules with short timeout thresholds or aggressive SQL keyword filtering on POST bodies are the primary mitigation layer prior to patching.
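The following script is an added example, not part of this CVE record or of the Invision Community code base. It turns the detection bullets above into code: it URL-decodes the POST body, looks for the time-based SQLi constructs and SQL keywords inside filter[...] keys on the /index.php?/store/ path, and separately flags slow responses (>= 7 s) whose body mentions Invision Community. The request-record layout (method, path, body, duration_s, response_body) and the sample records are constructed assumptions; in practice the records would come from a WAF or reverse-proxy log that retains POST bodies.

```python
"""Detection helper for the CVE-2024-30163 indicators (added example).

Applies the page's indicators to constructed request records:
  * POST to /index.php?/store/ with SLEEP() / IF(ORD(SUBSTR(...))) or other
    SQL keywords inside a filter[...] key of the URL-encoded body
  * response duration >= 7 s on that path with 'invision community' in the body
"""
import re
from urllib.parse import parse_qsl

STORE_PATH = "/index.php?/store/"
SLEEP_THRESHOLD_S = 7.0  # the 7-second SLEEP threshold named in the IOCs

# Keyword list taken from the detection bullets; word boundaries avoid
# matching ordinary words such as "order" or "selection".
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|SLEEP|ORD|SUBSTR)\b", re.IGNORECASE)
# The two time-based blind constructs called out on the page.
TIME_BASED = re.compile(r"SLEEP\s*\(|IF\s*\(\s*ORD\s*\(\s*SUBSTR", re.IGNORECASE)


def decode_filter_keys(body):
    """Return the URL-decoded keys of the body that belong to the filter[] array."""
    # parse_qsl splits on '&' and the first '=' before decoding, so an
    # encoded '=' (%3D) or '#' (%23) inside the key survives into the decoded key.
    return [k for k, _ in parse_qsl(body, keep_blank_values=True) if k.startswith("filter[")]


def inspect_request(rec):
    """Return the sorted list of indicator names that fire for one record.

    rec is a dict with keys: method, path, body, duration_s, response_body
    (constructed layout; adapt to your own log schema).
    """
    hits = set()
    if not rec["path"].startswith(STORE_PATH):
        return []  # the vulnerable handler is the Nexus store module only
    if rec["method"] == "POST":
        for key, value in parse_qsl(rec["body"], keep_blank_values=True):
            if not key.startswith("filter["):
                continue
            blob = f"{key}={value}"
            if TIME_BASED.search(blob):
                hits.add("time_based_sqli_construct")
            if SQL_KEYWORDS.search(blob):
                hits.add("sql_keyword_in_filter")
        slow = rec.get("duration_s", 0.0) >= SLEEP_THRESHOLD_S
        if slow and "invision community" in rec.get("response_body", "").lower():
            hits.add("slow_response_on_store")
    return sorted(hits)


def scan(records):
    """Return [(index, hits)] for every record that raised at least one indicator."""
    flagged = []
    for i, rec in enumerate(records):
        hits = inspect_request(rec)
        if hits:
            flagged.append((i, hits))
    return flagged


# Constructed sample records: two benign requests, one matching the page's
# IOC payload, one with a SQL keyword on an unrelated path.
SAMPLE_REQUESTS = [
    {"method": "GET", "path": STORE_PATH, "body": "",
     "duration_s": 0.1, "response_body": "<title>Invision Community</title>"},
    {"method": "POST", "path": STORE_PATH, "body": "cat=1&filter[price]=10",
     "duration_s": 0.2, "response_body": "<title>Invision Community</title>"},
    {"method": "POST", "path": STORE_PATH,
     "body": ("cat=1&filter[%60%20ON%201%20UNION%20SELECT%20IF(ORD(SUBSTR((1),1,1))"
              "%3C126,1,SLEEP(7))%20OR%20%3F%3D%3F%23]=1"),
     "duration_s": 7.4, "response_body": "<title>Invision Community</title>"},
    {"method": "POST", "path": "/index.php?/forums/", "body": "filter[x]=SLEEP(7)",
     "duration_s": 0.3, "response_body": "<title>Invision Community</title>"},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_REQUESTS):
        print(f"record {idx}: {', '.join(hits)}")
```

The path gate deliberately mirrors the page's scoping (only the Nexus store handler is affected); if you want a broader SQLi signal, drop the STORE_PATH check and keep the keyword and timing checks.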