Vulnerability Description
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out Blind SQL Injection attacks.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invisioncommunity | Invisioncommunity | >= 4.4.0, < 4.7.16 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2024/Apr/20ExploitMailing ListThird Party Advisory
- https://invisioncommunity.com/release-notes/4716-r128/Release Notes
- http://seclists.org/fulldisclosure/2024/Apr/20ExploitMailing ListThird Party Advisory
- https://invisioncommunity.com/release-notes/4716-r128/Release Notes
FAQ
What is CVE-2024-30163?
CVE-2024-30163 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed thro...
How severe is CVE-2024-30163?
CVE-2024-30163 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-30163?
Check the references section above for vendor advisories and patch information. Affected products include: Invisioncommunity Invisioncommunity.