CVE-2024-30163

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to perform Blind SQL Injection attacks against Invision Community forums. Attackers can potentially extract, modify, or delete database content. All Invision Community installations before version 4.7.16 are affected.

💻 Affected Systems

Products:
  • Invision Community
Versions: All versions before 4.7.16
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the store module specifically, but exploitation can lead to broader system compromise.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including user credentials, private messages, financial data, and administrative takeover of the entire forum platform.

🟠 Likely Case

Data exfiltration of user information, session hijacking, privilege escalation, and potential lateral movement to other systems.

🟢 If Mitigated

Limited information disclosure if database permissions are properly restricted and web application firewalls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted requests to the store.php endpoint with malicious filter parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.7.16

Vendor Advisory: https://invisioncommunity.com/release-notes/4716-r128/

Restart Required: No

Instructions:

1. Back up your database and files.
2. Download Invision Community 4.7.16 or newer.
3. Upload files to your server, overwriting existing files.
4. Run the upgrader at /admin/upgrade.
5. Clear system cache in AdminCP.

🔧 Temporary Workarounds

Disable Store Module (Platform: all)

Temporarily disable the vulnerable store module to prevent exploitation.

Navigate to AdminCP > System > Applications > Store > Disable

WAF Rule Implementation (Platform: all)

Add web application firewall rules to block SQL injection patterns in the filter parameter.

ModSecurity rule: SecRule ARGS:filter "@detectSQLi" "id:1001,phase:2,deny,status:403"

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries at application level
  • Deploy network segmentation and restrict database access to only necessary services

🔍 How to Verify

Check if Vulnerable:

Check the AdminCP dashboard for the version number. If the version is below 4.7.16, the system is vulnerable.

Check Version:

Check the AdminCP dashboard or view the source of any page for the version meta tag.

Verify Fix Applied:

Confirm the version is 4.7.16 or higher in AdminCP and test that store functionality works normally.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple requests to /applications/nexus/modules/front/store/store.php with filter parameter
  • Patterns of SQL keywords in URL parameters

Network Indicators:

  • HTTP requests containing SQL injection payloads in filter parameter
  • Unusual database query patterns from web server

SIEM Query:

source="web_logs" AND uri_path="/applications/nexus/modules/front/store/store.php" AND (query_string="*filter=*" AND (query_string="*SELECT*" OR query_string="*UNION*" OR query_string="*OR*"))
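
The log indicators above, applied to web server access logs as an added example (not code from the vendor or from this advisory). It URL-decodes the filter parameter and matches SQL keywords on word boundaries, because a plain substring match on OR also fires on ordinary values such as "color" or "sort". The combined log format, the array-style filter[...] names and the sample entries are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Path and parameter name are taken from the page; the rest is assumed.
STORE_PATH = "/applications/nexus/modules/front/store/store.php"
# Keywords from the SIEM query, matched as whole words, case-insensitive.
SQL_WORDS = re.compile(r"\b(select|union|or)\b", re.IGNORECASE)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_filter(target):
    """Return the decoded filter value if it holds a whole-word SQL keyword."""
    parts = urlsplit(target)
    if parts.path != STORE_PATH:
        return None
    # parse_qsl percent-decodes names and values and turns '+' into a space.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Assumption: also cover array-style names such as filter[0].
        is_filter = name == "filter" or name.startswith("filter[")
        if is_filter and SQL_WORDS.search(value):
            return value
    return None

def scan(lines):
    """Count flagged store.php requests per client IP."""
    hits = {}
    for line in lines:
        m = REQUEST.match(line)
        if m and suspicious_filter(m.group("target")) is not None:
            hits[m.group("ip")] = hits.get(m.group("ip"), 0) + 1
    return hits

# Constructed sample entries (documentation IP ranges, not real traffic).
PREFIX = ' - - [01/Jan/2024:10:00:00 +0000] "GET '
SUFFIX = ' HTTP/1.1" 200 512'
SAMPLE_LOG = [
    "203.0.113.7" + PREFIX + STORE_PATH + "?filter=1%20UNION%20SELECT%20x" + SUFFIX,
    "203.0.113.7" + PREFIX + STORE_PATH + "?filter=1+oR+1" + SUFFIX,
    "198.51.100.4" + PREFIX + STORE_PATH + "?filter=color_sort" + SUFFIX,
    "198.51.100.4" + PREFIX + "/index.php?filter=1%20OR%201" + SUFFIX,
]

if __name__ == "__main__":
    for ip, count in scan(SAMPLE_LOG).items():
        print(ip, count)
```

Repeated hits from one client are worth correlating with SQL errors in the application log from the same time window.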
