CVE-2021-3025: SQL Injection
First published: Fri Jan 08 2021(Updated: )
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Invisioncommunity Ips Community Suite | <4.5.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-3025?
CVE-2021-3025 is a vulnerability in Invision Community IPS Community Suite before 4.5.4.2 that allows SQL Injection via the Downloads REST API.
How does the vulnerability in Invision Community IPS Community Suite before 4.5.4.2 occur?
The vulnerability occurs due to improper handling of the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php.
What is the severity of CVE-2021-3025?
The severity of CVE-2021-3025 is high, with a CVSS score of 8.8.
Is there a fix available for CVE-2021-3025?
Yes, a fix is available for CVE-2021-3025 by updating to Invision Community IPS Community Suite version 4.5.4.2 or later.
Are there any additional references for CVE-2021-3025?
Additional references for CVE-2021-3025 can be found at http://packetstormsecurity.com/files/160830/IPS-Community-Suite-4.5.4-SQL-Injection.html and https://invisioncommunity.com/release-notes/.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/invisioncommunity
- canonical/invisioncommunity ips community suite