HTTP: IPS Community Suite Autoloaded PHP Code Injection Vulnerability
This signature detects attempts to exploit a known vulnerability against IPS Community Suite. A successful attack can lead to arbitrary code execution.
Extended Description
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
Affected Products
Invisioncommunity invision_power_board
Short Name
HTTP:PHP:INVISION-IPS-COMM
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Autoloaded CVE-2016-6174 Code Community IPS Injection PHP Suite Vulnerability
Release Date
07/26/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Php
Invisioncommunity
CVSS Score
6.8