Vulnerabilities > Invisioncommunity > IPS Community Suite > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-01 | CVE-2021-32924 | Code Injection vulnerability in Invisioncommunity IPS Community Suite Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method. | 8.8 |
| 2021-01-08 | CVE-2021-3025 | SQL Injection vulnerability in Invisioncommunity IPS Community Suite 4.5.2/4.5.3/4.5.4 Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php). | 8.8 |