Invision Community versions 4.7.16 and below suffer from a remote code execution vulnerability in toolbar.php.