CVE-2025-47916 PoC — Invision Community Security Vulnerability

Associated Vulnerability
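Title: Invision Community Security Vulnerability (CVE-2025-47916)
Description: Invision Community is software from the US company Invision for designing and developing mobile application UIs. Invision Community versions 5.0.0 up to, but not including, 5.0.7 contain a security vulnerability that stems from improper handling of template strings and may lead to remote code execution.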
Description
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (/applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method, which is evaluated by the template engine. Accordingly, unauthenticated attackers can inject and execute arbitrary PHP code by providing crafted template strings.
File Snapshot

id: CVE-2025-47916 info: name: Invision Community <=5.0.6 Unauthenticated RCE via Template Inject ...