Vulnerabilities (CVE)

Filtered by vendor Invisioncommunity Subscribe

Filtered by product Ips Community Suite

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-32924	1 Invisioncommunity	1 Ips Community Suite	2021-06-16	6.0 MEDIUM	8.8 HIGH
Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.
CVE-2021-3025	1 Invisioncommunity	1 Ips Community Suite	2021-01-15	6.5 MEDIUM	8.8 HIGH
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).