IPS Community Suite 4.5.4.2 PHP Code Injection

Up next

“King of Fraud” faces major sentence for the operation of a massive botnet; US companies scammed for up to $7 million USD

IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows to pass arbitrary content to the IPS\_Theme::runProcessFunction() method, which will be used in a call to the eval() PHP function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and the “cms” application to be enabled.

Cyber Attacks

Vice media hacked, confidential data leaked

Due to the fact that media organisations store information not just on…

Cybersdecurity RedFlag
February 5, 2023

Vulnerabilities

Critical vulnerability in Jira Software can allow an attacker to impersonate another user

Jira Service Management Server and Data Center include a significant vulnerability that…

Cybersdecurity RedFlag
February 3, 2023

Vulnerabilities

This F5 BIG-IP Vulnerability makes it easier for Ransomware to encrypt networks devices

BIG-IP has a high-severity format string vulnerability, according to F5, which might…

Cybersdecurity RedFlag
February 3, 2023

Securing The Cloud

Misconfiguration and vulnerabilities biggest risks in cloud security: Report

The two biggest cloud security risks continue to be misconfigurations and…

Cybersdecurity RedFlag
February 3, 2023