CVE-2021-32924

8.8 HIGH

📋 TL;DR

This vulnerability allows authenticated moderators in Invision Community (IPS Community Suite) to execute arbitrary PHP code via eval injection in the theme preview functionality. It affects all installations before version 4.6.0, enabling remote code execution with moderator privileges.

💻 Affected Systems

Products:
  • Invision Community
  • IPS Community Suite
Versions: All versions before 4.6.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires moderator-level access to exploit; affects all default installations with the CMS/Pages module enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise leading to data theft, malware deployment, lateral movement, and complete system takeover.

🟠

Likely Case

Moderator-level attackers gaining administrative access, defacing websites, stealing user data, and installing backdoors.

🟢

If Mitigated

Limited impact if proper access controls restrict moderator privileges and network segmentation is in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated moderator access; public exploit code available on Packet Storm and other sources.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.6.0 and later

Vendor Advisory: https://invisioncommunity.com/features/security/

Restart Required: No

Instructions:

1. Back up your installation and database.
2. Download Invision Community 4.6.0 or later from the client area.
3. Upload the files to overwrite the existing installation.
4. Run the upgrader at /admin/upgrade.
5. Clear the system cache in the AdminCP.

🔧 Temporary Workarounds

Disable CMS/Pages Module

Applies to: all

Temporarily disable the vulnerable CMS/Pages module if it is not required.

Restrict Moderator Access

Applies to: all

Review and restrict moderator privileges to essential functions only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the application server
  • Enable detailed logging and monitoring for eval() function calls and theme preview activities

🔍 How to Verify

Check if Vulnerable:

Check AdminCP dashboard for version number; if below 4.6.0, you are vulnerable.

Check Version:

Check the AdminCP dashboard, or view the source of any page for version meta tags.

Verify Fix Applied:

Confirm version is 4.6.0 or higher in AdminCP and test theme preview functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual eval() calls in PHP logs
  • Theme preview requests with suspicious parameters
  • Moderator account performing unexpected actions

Network Indicators:

  • POST requests to /index.php?app=cms&module=pages&controller=builder with eval-like payloads

SIEM Query:

source="php_error.log" AND "eval()" AND "IPS\\cms\\modules\\front\\pages\\_builder"
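As an added example (not part of this page or of Invision Community's own tooling), the following Python script applies the two checks described above: the version test from "How to Verify" and the network indicator for the CMS pages builder controller. The access-log lines are constructed, and the list of "eval-like" tokens is an assumption to extend with your own indicators.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

PATCHED = (4, 6, 0)  # first fixed release named in the advisory
# Combined-log-format request line: client, timestamp, method, target, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Tokens that mark an "eval-like" payload (assumed list; extend with your own indicators).
PAYLOAD_TOKENS = ("eval(", "<?php", "base64_decode(", "system(")

# Constructed sample access log (not real traffic): an ordinary forum request,
# a POST to the pages builder, and a builder GET whose query carries a PHP tag.
SAMPLE_LOG = """\
10.0.0.5 - - [10/May/2021:12:00:01 +0000] "GET /index.php?app=forums&module=forums&controller=topic&id=1 HTTP/1.1" 200 5120
10.0.0.7 - - [10/May/2021:12:00:09 +0000] "POST /index.php?app=cms&module=pages&controller=builder HTTP/1.1" 200 820
10.0.0.7 - - [10/May/2021:12:00:15 +0000] "GET /index.php?app=cms&module=pages&controller=builder&content=%3C%3Fphp+echo+1%3B HTTP/1.1" 200 640
"""

def parse_version(version):
    """'4.5.4.2' -> (4, 5, 4, 2); shorter strings are padded so '4.6' compares as 4.6.0."""
    nums = [int(p) for p in re.findall(r"\d+", version)]
    return tuple(nums + [0] * (3 - len(nums)))

def is_vulnerable(version):
    """True when the reported version predates the 4.6.0 fix."""
    return parse_version(version) < PATCHED

def is_builder_request(target):
    """Match the CMS pages builder controller named in the network indicator."""
    qs = parse_qs(urlsplit(target).query)
    return (qs.get("app") == ["cms"] and qs.get("module") == ["pages"]
            and qs.get("controller") == ["builder"])

def find_suspicious(log_text):
    """Flag builder-controller requests: every POST, plus any request whose
    URL-decoded query string carries a PHP-looking token."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_builder_request(m["target"]):
            continue
        decoded = unquote_plus(m["target"]).lower()
        reasons = []
        if m["method"] == "POST":
            reasons.append("POST to pages builder")
        if any(tok in decoded for tok in PAYLOAD_TOKENS):
            reasons.append("eval-like token in query string")
        if reasons:
            hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"], "reasons": reasons})
    return hits
```

Feed `find_suspicious` your web server's access log and treat any hit from a moderator account as something to review alongside that account's recent AdminCP activity.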

🔗 References