Invision Community IPS Community Suite prior to 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
invisioncommunity ips community suite |