漏洞类别:CGI
漏洞等级: 
漏洞信息
IPS Community Suite (previously known as Invision Power Suite) is a Internet community software produced by Invision Power Services, Inc. It is written in PHP and uses MySQL as a database management system.
The vulnerability exists because applications/core/modules/front/system/content.php source file implemented in the affected software, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote, unauthenticated attackers to execute arbitrary code via the content_class parameter.
Affected Versions:
Invision Power Services IPS Community Suite prior to 4.1.13
漏洞危害
Successful exploitation allows remote, unauthenticated attackers to execute arbitrary code on a targeted system, leading to a loss of confidentiality, integrity and availability.
解决方案
Customers are advised to install IPS Community Suite 4.1.13 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论