applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HInvisioncommunity Invision Power Board
APPInvisioncommunity≤ 4.1.12.3PHP
APPPhp5.5.05.5.15.5.25.5.35.5.45.5.55.5.65.5.7≤ 5.4.23
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
References
Related vulnerabilities
CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
CVE-2012-1823CRITICAL9.8⚠ KEVten sam produkt
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi)...
CVE-2026-6722CRITICAL9.5PL ✓ten sam produkt
Use-after-free w rozszerzeniu SOAP PHP umożliwiające RCE
CVE-2024-11235CRITICAL9.2PL ✓ten sam produkt
PHP use-after-free przez __set lub ??= z wyjątkami — RCE
CVE-2022-31631CRITICAL9.1PL ✓ten sam produkt
PHP PDO SQLite — błędne cytowanie ciągów prowadzące do SQL injection