CVE-2024-30163
Published: 2024-06-07
Priority: P272 · critical · CVSS 3.1 base score 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Flags: EXPLOIT
EPSS: 8.68% (94.5th percentile)
Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out blind SQL injection attacks.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| invisioncommunity | invisioncommunity | >= 4.4.0 < 4.7.16 | 4.7.16 |
Detection & IOCs (extracted from sources)
- command: `cat=1&filter[%60%20ON%201%20UNION%20SELECT%20IF(ORD(SUBSTR((1),1,1))%3C126,1,SLEEP(7))%20OR%20%3F%3D%3F%23]=1`
- Detect blind time-based SQL injection attempts targeting the filter[] parameter in POST requests to /index.php?/store/. Look for SLEEP() or IF(ORD(SUBSTR(...))) constructs in the POST body.
- Monitor for unauthenticated POST requests to /index.php?/store/ with a Content-Type of application/x-www-form-urlencoded containing URL-encoded SQL keywords (UNION, SELECT, SLEEP, ORD, SUBSTR) in the filter[] parameter.
- Use Shodan/FOFA queries to identify exposed Invision Community instances as potential targets: Shodan: html:"invision community"; FOFA: body="invision community".
- A response duration >= 7 seconds combined with a body containing 'invision community' (case-insensitive) is a strong indicator of successful blind time-based SQLi exploitation.
- The vulnerability is exploitable by unauthenticated attackers, meaning no session cookie or authentication token is required; perimeter controls relying on authentication checks will not block this attack.
- The vulnerable code path is specifically within the _categoryView() method of the Nexus (store) module; only installations with the Nexus/Commerce application enabled are affected.
- The exploit uses a time-based blind technique with a 7-second SLEEP threshold; WAF rules with short timeout thresholds or aggressive SQL keyword filtering on POST bodies are the primary mitigation layer prior to patching.
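A log-side check for the indicators listed above, written here as an added example (it is not part of this record, of the vendor's code, or of the Nuclei template): it URL-decodes the POST body, inspects only the filter[] keys and values for the SQL keywords named above, requires the request to be a form POST to /index.php?/store/, and separately flags the response-time signal. The RequestRecord shape, the field names and the two sample transactions are constructed for illustration; the 7-second threshold is the one stated in the notes above.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl

# Keywords named in the detection guidance; matched case-insensitively on the
# decoded filter[] key and value, so percent-encoded variants (%20UNION%20) are caught.
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|SLEEP|ORD|SUBSTR)\b", re.IGNORECASE)
STORE_PATH = "/index.php?/store/"
FORM_CT = "application/x-www-form-urlencoded"
SLEEP_THRESHOLD_S = 7.0  # SLEEP threshold stated in the notes above


@dataclass
class RequestRecord:
    """One HTTP transaction as a reverse proxy or WAF log might record it (assumed shape)."""
    method: str
    path: str
    content_type: str
    body: str
    duration_s: float
    response_body: str = ""
    has_session_cookie: bool = False


def filter_params(body: str) -> list[tuple[str, str]]:
    """Decode a form body and return only the filter[...] key/value pairs.
    parse_qsl percent-decodes keys as well as values, which matters here
    because the injection sits inside the bracketed part of the key."""
    return [(k, v) for k, v in parse_qsl(body, keep_blank_values=True)
            if k.startswith("filter[")]


def sql_keywords_in(text: str) -> list[str]:
    """Distinct SQL keywords found in text, upper-cased and sorted."""
    return sorted({m.upper() for m in SQL_KEYWORDS.findall(text)})


def analyze(rec: RequestRecord) -> list[str]:
    """Return the indicator names that fire for one transaction."""
    findings: list[str] = []
    is_store_form_post = (rec.method.upper() == "POST"
                          and rec.path.startswith(STORE_PATH)
                          and rec.content_type.split(";")[0].strip().lower() == FORM_CT)
    if is_store_form_post:
        for key, value in filter_params(rec.body):
            hits = sql_keywords_in(f"{key} {value}")
            if hits:
                findings.append("sqli_attempt:" + ",".join(hits))
                if not rec.has_session_cookie:
                    findings.append("unauthenticated")
                break  # one finding per request is enough for alerting
    # Response-time signal: a slow answer from a page identifying itself as
    # Invision Community is the stated indicator of a successful time-based probe.
    if rec.duration_s >= SLEEP_THRESHOLD_S and "invision community" in rec.response_body.lower():
        findings.append("possible_time_based_success")
    return findings


# Constructed sample transactions: a normal store filter from a logged-in user,
# and an unauthenticated probe shaped like the indicator (keywords inside the filter[] key).
SAMPLE_REQUESTS = [
    RequestRecord("POST", "/index.php?/store/", FORM_CT,
                  "cat=1&filter[price]=10-50&filter[sort_order]=asc", 0.21,
                  "<title>Store - Invision Community</title>", has_session_cookie=True),
    RequestRecord("POST", "/index.php?/store/", FORM_CT + "; charset=UTF-8",
                  "cat=1&filter[%60%20UNION%20SELECT%20SLEEP(7)%23]=1", 7.42,
                  "<title>Store - Invision Community</title>"),
]

if __name__ == "__main__":
    for rec in SAMPLE_REQUESTS:
        print(rec.body, "->", analyze(rec) or ["clean"])
```

The keyword match runs on the decoded key, not the raw body, because the injection in the indicator lives inside `filter[...]` rather than in a value; matching on raw bytes would miss double-encoded or mixed-case variants. The timing signal is reported on its own so that a slow legitimate page does not by itself raise the injection alert.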
No detection rules found.
Nuclei
CVE-2024-30163 [CRITICAL] IPS Community Suite - Unauthenticated SQL Injection (CVSS 9.8)
IPS Community Suite is vulnerable to unauthenticated SQL injection via the filter[] parameter in the /index.php?/store/ endpoint, allowing attackers to extract sensitive information from the database.
Template:
```yaml
id: CVE-2024-30163

info:
  name: IPS Community Suite - Unauthenticated SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    IPS Community Suite is vulnerable to unauthenticated SQL injection via the filter[] parameter in the /index.php?/store/ endpoint, allowing attackers to extract sensitive information from the database.
  impact: |
    Unauthenticated attackers can execute arbitrary SQL queries, potentially extracting or modifying sensitive database information.
  remediation: |
    Update IPS Community Suite to a version
```
No writeups or analysis indexed.