CVE-2016-6174
Summary
| CVE | CVE-2016-6174 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-07-12 19:59:00 UTC |
| Updated | 2020-06-03 14:54:00 UTC |
| Description | applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Invisioncommunity | Invision Power Board | All | All | All | All |
| Application | Php | Php | 5.5.0 | All | All | All |
| Application | Php | Php | 5.5.0 | alpha1 | All | All |
| Application | Php | Php | 5.5.0 | alpha2 | All | All |
| Application | Php | Php | 5.5.0 | alpha3 | All | All |
| Application | Php | Php | 5.5.0 | alpha4 | All | All |
| Application | Php | Php | 5.5.0 | alpha5 | All | All |
| Application | Php | Php | 5.5.0 | alpha6 | All | All |
| Application | Php | Php | 5.5.0 | beta1 | All | All |
| Application | Php | Php | 5.5.0 | beta2 | All | All |
| Application | Php | Php | 5.5.0 | beta3 | All | All |
| Application | Php | Php | 5.5.0 | beta4 | All | All |
| Application | Php | Php | 5.5.0 | rc1 | All | All |
| Application | Php | Php | 5.5.0 | rc2 | All | All |
| Application | Php | Php | 5.5.1 | All | All | All |
| Application | Php | Php | 5.5.2 | All | All | All |
| Application | Php | Php | 5.5.3 | All | All | All |
| Application | Php | Php | 5.5.4 | All | All | All |
| Application | Php | Php | 5.5.5 | All | All | All |
| Application | Php | Php | 5.5.6 | All | All | All |
| Application | Php | Php | 5.5.7 | All | All | All |
| Application | Php | Php | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About the security content of macOS Sierra 10.12 - Apple Support | CONFIRM | support.apple.com | |
| APPLE-SA-2016-09-20 macOS Sierra 10.12 | APPLE | lists.apple.com | |
| Full Disclosure: [KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability | FULLDISC | seclists.org | Exploit |
| IPS Community Suite CVE-2016-6174 PHP Code Injection Vulnerability | BID | www.securityfocus.com | |
| IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability \| Karma(In)Security | MISC | karmainsecurity.com | Exploit |
| 4.1.13 - Release Notes - Invision Community | CONFIRM | invisionpower.com | |
| IPS Community Suite 4.1.12.3 - PHP Code Injection - PHP webapps Exploit | EXPLOIT-DB | www.exploit-db.com | |
| IPS Community Suite 4.1.12.3 PHP Code Injection ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.