Lucene search

[email protected]NVD:CVE-2024-30163

HistoryJun 07, 2024 - 5:15 p.m.

CVE-2024-30163

2024-06-0717:15:50

CWE-89

[email protected]

web.nvd.nist.gov

invision community

sql injection

ips nexus

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.7%

JSON

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out Blind SQL Injection attacks.

Affected configurations

Nvd

Node

invisioncommunityinvisioncommunityRange4.4.0–4.7.16

VendorProductVersionCPE
invisioncommunityinvisioncommunity*cpe:2.3:a:invisioncommunity:invisioncommunity:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
invisioncommunity	invisioncommunity	*	cpe:2.3:a:invisioncommunity:invisioncommunity::::::::

References

seclists.org/fulldisclosure/2024/Apr/20

invisioncommunity.com/release-notes/4716-r128/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.7%

JSON

Related for NVD:CVE-2024-30163

cvelist1 packetstorm1 vulnrichment1 cve1 zdt1