CVE-2024-30163
CRITICAL NUCLEIInvision Community <4.7.16 - SQL Injection
Title source: llmExploitation Summary
CVE-2024-30163 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out Blind SQL Injection attacks.
Nuclei Templates (1)
IPS Community Suite - Unauthenticated SQL Injection
CRITICALVERIFIEDby ritikchaddha
Shodan:
html:"invision community"
FOFA:
body="invision community"
References (2)
Core 2
Core References
Exploit, Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2024/Apr/20
Release Notes
https://invisioncommunity.com/release-notes/4716-r128/
Scores
CVSS v3
9.8
EPSS
0.0868
EPSS Percentile
94.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
invisioncommunity/invisioncommunity
4.4.0 - 4.7.16
Published
Jun 07, 2024
Tracked Since
Feb 18, 2026