Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.
References
Link | Resource |
---|---|
https://invisioncommunity.com/release-notes-v5/507-r41/ | Release Notes |
https://karmainsecurity.com/KIS-2025-02 | Exploit Third Party Advisory |
http://seclists.org/fulldisclosure/2025/May/4 | Mailing List Third Party Advisory |
https://karmainsecurity.com/KIS-2025-02 | Exploit Third Party Advisory |
Configurations
History
20 Jun 2025, 17:42
Type | Values Removed | Values Added |
---|---|---|
First Time |
Invisioncommunity invisioncommunity
Invisioncommunity |
|
References | () https://invisioncommunity.com/release-notes-v5/507-r41/ - Release Notes | |
References | () https://karmainsecurity.com/KIS-2025-02 - Exploit, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2025/May/4 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:invisioncommunity:invisioncommunity:*:*:*:*:*:*:*:* | |
CWE | CWE-94 |
19 May 2025, 13:35
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
17 May 2025, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 May 2025, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-16 15:15
Updated : 2025-06-20 17:42
NVD link : CVE-2025-47916
Mitre link : CVE-2025-47916
CVE.ORG link : CVE-2025-47916
JSON object : View
Products Affected
invisioncommunity
- invisioncommunity