CVE-2021-32924: Code Injection
First published: Tue Jun 01 2021(Updated: )
Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Invisioncommunity Ips Community Suite | <4.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Invision Community (aka IPS Community Suite) vulnerability?
The vulnerability ID for this Invision Community (aka IPS Community Suite) vulnerability is CVE-2021-32924.
What is the severity of CVE-2021-32924 vulnerability?
The severity of CVE-2021-32924 vulnerability is high (8.8).
How does CVE-2021-32924 allow PHP code injection?
CVE-2021-32924 allows eval-based PHP code injection by a moderator through the IPS\cms\modules\front\pages\_builder::previewBlock method.
Which version of Invision Community (aka IPS Community Suite) is affected by CVE-2021-32924?
Invision Community (aka IPS Community Suite) before version 4.6.0 is affected by CVE-2021-32924.
How can I fix CVE-2021-32924 vulnerability?
To fix CVE-2021-32924 vulnerability, update Invision Community Suite to version 4.6.0 or above.
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/invisioncommunity
- canonical/invisioncommunity ips community suite