Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability
Invision Community 4.x 版本存在 SQL 注入漏洞(CVE-2025-48932),位于 `calendar/view.php` 文件中 `search()` 方法的 `location` 参数处理处。该漏洞可被远程未认证攻击者利用,导致敏感数据泄露或其他严重后果。受影响版本为 4.7.20 及以下,建议升级至 4.7.21 或更高版本以修复此问题。 2025-7-30 02:48:35 Author: seclists.org(查看原文) 阅读量:2 收藏
Invision Community 4.x 版本存在 SQL 注入漏洞(CVE-2025-48932),位于 `calendar/view.php` 文件中 `search()` 方法的 `location` 参数处理处。该漏洞可被远程未认证攻击者利用,导致敏感数据泄露或其他严重后果。受影响版本为 4.7.20 及以下,建议升级至 4.7.21 或更高版本以修复此问题。 2025-7-30 02:48:35 Author: seclists.org(查看原文) 阅读量:2 收藏
Full Disclosure mailing list archives
From: Egidio Romano <n0b0d13s () gmail com>
Date: Wed, 23 Jul 2025 11:58:59 +0200
---------------------------------------------------------------------------- Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability ---------------------------------------------------------------------------- [-] Software Link: https://invisioncommunity.com [-] Affected Versions: Certain 4.x versions before 4.7.21. [-] Vulnerability Description: The vulnerability is located within the /applications/calendar/modules/front/calendar/view.php script. Specifically, in the IPS\calendar\modules\front\calendar\view::search() method: user input passed through the "location" request parameter is not properly sanitized before being used to construct a SQL query. This can be exploited by remote, unauthenticated attackers to e.g. read sensitive data from the database through boolean-based SQL Injection attacks. Successful exploitation of this vulnerability requires the "calendar" application to be installed and a "GeoLocation feature" (like Google Maps) to be configured. NOTE: SQL Injection vulnerabilities in Invision Community 4.x might lead to admin account takeover and RCE attacks, by resetting the admin's password. However, starting from version 4.7.18, a new security encryption key has been introduced within the password reset mechanism. As such, this attack vector won't work anymore with versions >= 4.7.18. [-] Proof of Concept: https://karmainsecurity.com/pocs/CVE-2025-48932.php [-] Solution: Upgrade to version 4.7.21 or later. [-] Disclosure Timeline: [16/05/2025] - Vendor notified [27/05/2025] - Version 4.7.21 released [28/05/2025] - CVE identifier requested [28/05/2025] - CVE identifier assigned [23/07/2025] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures program (cve.org) has assigned the name CVE-2025-48932 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2025-06 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability Egidio Romano (Jul 29)
文章来源: https://seclists.org/fulldisclosure/2025/Jul/29
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh