module
Invision Community 5.0.6 customCss RCE
| Disclosed |
|---|
| May 16, 2025 |
Disclosed
May 16, 2025
Description
Invision Community up to and including version 5.0.6 contains a remote code
execution vulnerability in the theme editor's customCss endpoint. By crafting
a specially formatted `content` parameter with a `{expression="…"}`
construct, arbitrary PHP can be evaluated. This module leverages that flaw
to execute payloads or system commands as the webserver user.
execution vulnerability in the theme editor's customCss endpoint. By crafting
a specially formatted `content` parameter with a `{expression="…"}`
construct, arbitrary PHP can be evaluated. This module leverages that flaw
to execute payloads or system commands as the webserver user.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.