6 matches found
CVE-2021-3025
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API the sortDir parameter in a sortBy=popular action to the GETindex method in applications/downloads/api/files.php...
CVE-2021-3025
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API the sortDir parameter in a sortBy=popular action to the GETindex method in applications/downloads/api/files.php...
Sql injection
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API the sortDir parameter in a sortBy=popular action to the GETindex method in applications/downloads/api/files.php...
CVE-2021-3025
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API the sortDir parameter in a sortBy=popular action to the GETindex method in applications/downloads/api/files.php...
CVE-2021-3025
Summary: CVE-2021-3025 affects Invision Community IPS Community Suite up to version 4.5.4.2. The vulnerability is an SQL Injection in the Downloads REST API, triggered by the sortDir parameter via sortBy=popular in the GETindex() method of /applications/downloads/api/files.php. The issue could al...
IPS Community Suite 4.5.4 SQL Injection
----------------------------------------------------------------------------- IPS Community Suite sortBy == 'popular' 56. 57. \IPS\Request::i-sortDir = \IPS\Request::i-sortDir ?: 'ASC'; 58. $sortBy = 'filerating ' . \IPS\Request::i-sortDir . ', filereviews'; 59. $where = array array 'filerating?'...