Vulnerability in Invisioncommunity Invision_power_board
CVE-2016-6174
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attacker…
EPSS: 0.198 (95.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Invisioncommunity Invision_power_board
- Php — versions 5.5.0, 5.5.1, 5.5.2
- N/a — versions n/a
Public proof-of-concept exploits
References
- 20160707 [KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability (mailing-list, Exploit, x_refsource_FULLDISC)
- APPLE-SA-2016-09-20 (vendor-advisory, x_refsource_APPLE)
- 40084 (exploit, x_refsource_EXPLOIT-DB)
- cve@mitre.org (x_refsource_MISC)
- 91732 (vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2016-6174?
- CVE-2016-6174 is a high-severity vulnerability in Invisioncommunity Invision_power_board. CVSS score: 8.1/10. Published 2016-07-12.
- How severe is CVE-2016-6174?
- High severity. CVSS v3 base score is 8.1 out of 10.
- Is CVE-2016-6174 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.