CVE-2024-30163: SQL Injection
First published: Fri Jun 07 2024(Updated: )
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out Blind SQL Injection attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Invision Community | >=4.4.0<4.7.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-30163?
CVE-2024-30163 is considered a high severity vulnerability due to the potential for SQL injection attacks.
How do I fix CVE-2024-30163?
To fix CVE-2024-30163, update Invision Community to version 4.7.16 or later.
What are the potential impacts of CVE-2024-30163?
The potential impacts of CVE-2024-30163 include unauthorized access to sensitive data and potential database compromise.
What versions of Invision Community are affected by CVE-2024-30163?
CVE-2024-30163 affects Invision Community versions from 4.4.0 to 4.7.15.
Can I mitigate CVE-2024-30163 without an update?
Mitigating CVE-2024-30163 without an update is challenging, but employing web application firewalls and strict input validation can help reduce risk.
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/source
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/invisioncommunity
- canonical/invision community
- version/invision community/4.4.0