Posted July 13, 2024
Hi, I recently had to restore a site and noticed some log entries referencing applications/core/interface/ckeditor/ckeditor/plugins/ related to malicious activity, and I see that was reported as a possible vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2024-30162 There was also another report for a SQL injection. https://nvd.nist.gov/vuln/detail/CVE-2024-30163 Were these addressed in 4.7.17? Thanks
July 13, 2024 (Solution)
We reviewed the report now identified as CVE-2024-30162. It was determined this was not a valid issue. The issue identified in CVE-2024-30163 was fixed in 4.7.16, as noted in the NIST page and in our release notes flagged as a security release - https://invisioncommunity.com/release-notes/4716-r128/ It's worth noting that if you have security questions or concerns you can reach out to us privately via our contact page.
July 13, 2024 (Author)
Ah okay. Thanks for the quick response. Since the contact form only listed sales/billing I assumed this was where I should go.
July 15, 2024
On 7/13/2024 at 11:25 PM, Bill Katula said:
> Ah okay. Thanks for the quick response. Since the contact form only listed sales/billing I assumed this was where I should go.

No problem. Feel free to hit billing if needed. We can always forward you to the right place if needed 🙂