IPS Community Suite - Unauthenticated SQL Injection
IPS Community Suite is vulnerable to unauthenticated SQL injection via the filter parameter in the /index.php?/store/ endpoint, allowing attackers to extract sensitive information from the database. id: CVE-2024-30163 info: name: IPS Community Suite - Unauthenticated SQL Injection author:...
Invision Community <=5.0.6 Unauthenticated RCE via Template Injection
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller /applications/core/modules/front/system/themeeditor.php, where a protected method named customCss can be invoked by unauthenticated...
Invision Community 5.0.6 customCss Expression Injection
Invision Community version 5.0.6 customCss expression injection proof of concept exploit written in PHP. Title: Invision Community 5.0.6 customCss...
Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Invisioncommunity
CVE-2025-47916 - Invision Community Remote Code Execution RCE...
EUVD-2020-21845
Malware in sbrugna...
EUVD-2021-26378
Malware in sbrugna...
EUVD-2006-2252
Malware in sbrugna...
EUVD-2006-6352
Malware in sbrugna...
EUVD-2021-26379
Malware in sbrugna...
EUVD-2021-25612
Malware in sbrugna...
EUVD-2005-0218
Malware in sbrugna...
EUVD-2021-19645
Malware in sbrugna...
EUVD-2021-25611
Malware in sbrugna...
Invision Community Security Vulnerability
Invision Community is a software for designing and developing mobile application UI from Invision USA. A security vulnerability exists in Invision Community versions 4.7.20 and earlier, which stems from improper input cleanup and is susceptible to SQL injection attacks...
Invision Community 4.7.20 - (calendar/view.php) SQL Injection
Exploit Title: Invision Community = 4.7.18. Proof of Concept https://karmainsecurity.com/pocs/CVE-2025-48932.php...
PT-2025-30554
Name of the Vulnerable Software and Affected Versions: Invision Community versions prior to 4.7.20. Description: The Invision Community software contains a SQL injection issue in the calendar/view.php file. The vulnerability resides in the IPS\calendar\modules\front\calendar\view::search method, where us...
Invision Community 4.7.20 SQL Injection
Invision Community versions 4.7.20 and below have a vulnerability located within the /applications/calendar/modules/front/calendar/view.php script. Specifically, in the IPS\calendar\modules\front\calendar\view::search method: user input passed through the location request parameter is not properl...
PT-2025-30555 · Invision Power Board · Invision Community
Name of the Vulnerable Software and Affected Versions: Invision Community versions 5.0.0 through 5.0.7 Description: The software contains a reflected cross-site scripting issue in the oauth/callback endpoint. Recommendations: Update to a version later than 5.0.7. As a temporary workaround, consid...
Invision Community 5.0.7 Cross Site Scripting
Invision Community versions 5.0.7 and below have an issue where user input passed through the state POST parameter to the /oauth/callback/index.php script is not properly sanitized before being used to generate HTML output. This can be exploited by attackers to perform reflected cross site...
VulnCheck KEV: CVE-2025-47916
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller file: /applications/core/modules/front/system/themeeditor.php, where a protected method named customCss can be invoked by...