IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows arbitrary content to be passed to the IPS\_Theme::runProcessFunction() method, which then uses that content in a call to the PHP eval() function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and requires the “cms” application to be enabled.