Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-30162
HistoryJun 07, 2024 - 5:15 p.m.

CVE-2024-30162

2024-06-0717:15:50
[email protected]
web.nvd.nist.gov
5
invision community
4.7.16
remote code execution
admin users
directory exploitation

0.0004 Low

EPSS

Percentile

9.1%

JSON

Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the applications/core/interface/ckeditor/ckeditor/plugins/ directory without properly verifying their content. This can be exploited by admin users (with the toolbar_manage permission) to write arbitrary PHP files into that directory, leading to execution of arbitrary PHP code in the context of the web server user.

Related

cve 1
vulnrichment 1
cvelist 1
packetstorm 1
zdt 1
cve
cve
CVE-2024-30162
2024-06-07 17:15:50
vulnrichment
vulnrichment
CVE-2024-30162
2024-06-07 00:00:00
cvelist
cvelist
CVE-2024-30162
2024-06-07 00:00:00
packetstorm
packetstorm
Invision Community 4.7.16 Remote Code Execution
2024-04-08 00:00:00
zdt
zdt
Invision Community 4.7.16 Remote Code Execution Vulnerability
2024-04-08 00:00:00

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for NVD:CVE-2024-30162
cve1vulnrichment1cvelist1packetstorm1zdt1