Invisioncommunity < 5.0.7 - Remote Code Execution
Title source: ruleDescription
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.
Exploits (4)
nomisec
WORKING POC
1 stars
by Web3-Serializer · remote
https://github.com/Web3-Serializer/CVE-2025-47916
github
WORKING POC
1 stars
by exploitintel · pythonpoc
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-47916
exploitdb
WORKING POC
by Egidio Romano · phpremotemultiple
https://www.exploit-db.com/exploits/52294
metasploit
WORKING POC
EXCELLENT
by Egidio Romano (EgiX), Valentin Lobstein · rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/invision_customcss_rce.rb
Nuclei Templates (1)
Invision Community <=5.0.6 Unauthenticated RCE via Template Injection
CRITICALVERIFIEDby EgiX,iamnoooob,pdresearch
Shodan:
Set-Cookie: ips4_
FOFA:
body="Invision" && body="ips4"
Scores
CVSS v3
10.0
EPSS
0.8999
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lab Environment
patched
vulnerable
docker pull ghcr.io/exploitintel/cve-2025-47916-vulnerable:latest
Exploitation Intel
VulnCheck KEV
2025-06-06
Classification
CWE
CWE-1336
CWE-94
Status
published
Affected Products (1)
invisioncommunity/invisioncommunity
< 5.0.7
Timeline
Published
May 16, 2025
Tracked Since
Feb 18, 2026