Arbitrary Code Execution in Invision Power Services IPS Community Suite

Arbitrary Code Execution in Invision Power Services IPS Community Suite

CVE-2016-6174 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.

Learn more about our Web Application Penetration Testing UK.