Arbitrary Code Execution in Invision Power Services IPS Community Suite
CVE-2016-6174 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
Learn more about our Web Application Penetration Testing UK.