CVE-2016-6174

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.

Published: Jul 12, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-6174
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
invisioncommunity / invision_power_board	-	4.1.12.3.x
php / php	5.5.0-alpha1	5.5.0-alpha1.x
php / php	5.5.0-alpha3	5.5.0-alpha3.x
php / php	5.5.0-beta3	5.5.0-beta3.x
php / php	5.5.0	5.5.0.x
php / php	5.5.1	5.5.1.x
php / php	5.5.5	5.5.5.x
php / php	5.5.7	5.5.7.x
php / php	5.5.0-beta1	5.5.0-beta1.x
php / php	5.5.6	5.5.6.x
php / php	5.5.0-rc1	5.5.0-rc1.x
php / php	5.5.0-beta4	5.5.0-beta4.x
php / php	5.5.3	5.5.3.x
php / php	5.5.0-alpha6	5.5.0-alpha6.x
php / php	5.5.0-beta2	5.5.0-beta2.x
php / php	5.5.4	5.5.4.x
php / php	-	5.4.23.x
php / php	5.5.0-alpha4	5.5.0-alpha4.x
php / php	5.5.0-alpha5	5.5.0-alpha5.x
php / php	5.5.0-alpha2	5.5.0-alpha2.x
php / php	5.5.2	5.5.2.x
php / php	5.5.0-rc2	5.5.0-rc2.x

Vulnerability Database

289,599

CVE-2016-6174