Description

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.

Remediation

References

CVE-2016-6174

Related Vulnerabilities

WordPress Plugin WP-PostViews Cross-Site Request Forgery (1.62)

WordPress Plugin Sina Extension for Elementor Multiple Cross-Site Scripting Vulnerabilities (3.3.11)

WordPress Plugin DFD Reddcoin Tips Cross-Site Scripting (1.1.1)

WordPress Plugin Permalink Manager Lite Cross-Site Request Forgery (2.2.19.2)

PHP Other Vulnerability (CVE-2001-1385)

Severity

High

Classification

CVE-2016-6174 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities