Vulnerabilities

CVE-2021-32924

June 16, 2021

Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.

Summary:

Reference Links(if available):

https://hackerone.com/reports/1092574

http://seclists.org/fulldisclosure/2021/May/80

http://packetstormsecurity.com/files/162868/IPS-Community-Suite-4.5.4.2-PHP-Code-Injection.html

http://karmainsecurity.com/KIS-2021-04

https://invisioncommunity.com/features/security/

CVSS Score (if available)

v2: / MEDIUM

v3: /

Links to Exploits(if available)

Microsoft Addresses Four Critical Zero-Days in November Patch Tuesday Updates

November 14, 2024

AI Threat Worsening in 2025: Insights from Google Cloud

November 14, 2024

Lazarus Group’s Code Smuggling Technique Exploits Extended Attributes in macOS

November 14, 2024

Ethical Hacker or Not? Amazon MOVEit Leaker’s Controversial Claims

November 14, 2024

Hive0145 Targets Europe with Sophisticated Strela Stealer Campaigns

November 14, 2024

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

Microsoft Addresses Four Critical Zero-Days in November Patch Tuesday Updates

AI Threat Worsening in 2025: Insights from Google Cloud

Lazarus Group’s Code Smuggling Technique Exploits Extended Attributes in macOS

Ethical Hacker or Not? Amazon MOVEit Leaker’s Controversial Claims

Hive0145 Targets Europe with Sophisticated Strela Stealer Campaigns