CVE-2024-30163
CRITICAL
Published 2024-06-07T00:00:00.000Z
Actions:
CVSS Score
V3.1
9.8
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A
Impact: N/A
EPSS Score
v2023.03.01
0.001
probability
of exploitation in the wild
There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.
Updated: 2025-01-25
Exploit Probability
Percentile: 0.499
Higher than 49.9% of all CVEs
Attack Vector Metrics
Impact Metrics
Description
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out Blind SQL Injection attacks.
Available Exploits
IPS Community Suite - Unauthenticated SQL Injection
IPS Community Suite is vulnerable to unauthenticated SQL injection via the filter[] parameter in the /index.php?/store/ endpoint, allowing attackers to extract sensitive information from the database.
ID: CVE-2024-30163
Author: ritikchaddha
Critical
Related News
No news articles found for this CVE.
References
Published: 2024-06-07T00:00:00.000Z
Last Modified: 2025-03-19T16:09:56.304Z
Copied to clipboard!