IPS Community Suite 4.5.4.2 PHP Code Injection

Up next

“King of Fraud” faces major sentence for the operation of a massive botnet; US companies scammed for up to $7 million USD

IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows to pass arbitrary content to the IPS\_Theme::runProcessFunction() method, which will be used in a call to the eval() PHP function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and the “cms” application to be enabled.

Mobile Security

Two million Texans have their details exposed

A programming issue at the Texas Department of Insurance (TDI) exposed the…

Cybersdecurity RedFlag
May 19, 2022

Mobile Security

Omnicell healthcare company hit by ransomware

Omnicell, a US based multinational healthcare company, has confirmed it suffered a…

Cybersdecurity RedFlag
May 19, 2022

Securing The Cloud

Deepfence Cloud builds on ThreatStryker security observability platform

Deepfence, a security observability and protection company, has launched Deepfence…

Cybersdecurity RedFlag
May 18, 2022

Vulnerabilities

Critical vulnerability in Bluetooth Low Energy (BLE) allows easily hacking Tesla cars, smart locks and millions of devices that use this Bluetooth technology

Specialists from the security firm NCC Group developed a tool capable of…

Cybersdecurity RedFlag
May 18, 2022