Description

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.

Remediation

References

CVE-2016-6174

Related Vulnerabilities

Apache HTTP Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-0940)

Django 7PK - Security Features Vulnerability (CVE-2016-7401)

WordPress Plugin Adavnced Video embed Local File Inclusion (1.0)

Seo Panel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-100024)

WordPress Plugin User Activity Log Multiple Cross-Site Scripting Vulnerabilities (1.4.6)

Severity

High

Classification

CVE-2016-6174 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities