CVE-2024-30162: n/a
Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the applications/core/interface/ckeditor/ckeditor/plugins/ directory without properly verifying their content. This can be exploited by admin users (with the toolbar_manage permission) to write arbitrary PHP files into that directory, leading to execution of arbitrary PHP code in the context of the web server user.
AI Analysis
Technical Summary
CVE-2024-30162 affects Invision Community versions up to 4.7.16 and involves a remote code execution vulnerability in the applications/core/modules/admin/editor/toolbar.php file, specifically within the IPS\core\modules\admin\editor\_toolbar::addPlugin() method. This method processes uploaded ZIP files, extracting them into the applications/core/interface/ckeditor/ckeditor/plugins/ directory without sufficient validation of the archive contents. An attacker with administrative privileges and the toolbar_manage permission can craft a malicious ZIP archive containing arbitrary PHP files. Upon upload and extraction, these PHP files are placed in a web-accessible plugins directory, allowing the attacker to execute arbitrary PHP code in the context of the web server user. This can lead to full system compromise, including data theft, modification, or service disruption. The vulnerability is classified under CWE-345 (Insufficient Verification of Data Authenticity). The CVSS v3.1 base score is 7.2, reflecting high severity due to network attack vector, low attack complexity, high privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. Although no public exploits are currently known, the vulnerability presents a significant risk given the ease of exploitation by authorized admins and the critical nature of remote code execution flaws.
Potential Impact
The impact of CVE-2024-30162 is substantial for organizations using Invision Community software, particularly those with multiple administrators or where admin credentials may be compromised or misused. Successful exploitation allows attackers to execute arbitrary PHP code with the privileges of the web server user, potentially leading to full system compromise. This can result in unauthorized data access, data modification or deletion, installation of backdoors or malware, and disruption of service availability. Because the vulnerability requires admin-level permissions, insider threats or compromised admin accounts pose a significant risk. Additionally, attackers could leverage this flaw to pivot within the network or escalate privileges further. The widespread use of Invision Community in online forums, community portals, and customer engagement platforms means that a broad range of organizations, including businesses, educational institutions, and government entities, could be affected. The vulnerability undermines the trustworthiness and security of affected platforms, potentially damaging reputation and causing regulatory compliance issues.
Mitigation Recommendations
To mitigate CVE-2024-30162, organizations should upgrade Invision Community to a patched version as soon as one is available. Until an official patch is applied, administrators should restrict the toolbar_manage permission to only the most trusted users and audit existing admin accounts for suspicious activity. Implement strict access controls and multi-factor authentication for admin accounts to reduce the risk of credential compromise. Additionally, monitor the applications/core/interface/ckeditor/ckeditor/plugins/ directory for unauthorized file changes or uploads. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious ZIP file uploads or the creation of PHP files in plugin directories. Consider temporarily disabling plugin uploads if feasible. Regularly review logs for anomalous admin actions related to plugin management. Finally, conduct security awareness training for administrators so they recognize and avoid misuse of their privileges.
Affected Countries
United States, United Kingdom, Germany, France, Canada, Australia, Netherlands, Japan, South Korea, Brazil, India
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-03-24T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6dbcb7ef31ef0b58d621
Added to database: 2/25/2026, 9:46:36 PM
Last enriched: 2/26/2026, 3:41:12 PM
Last updated: 4/12/2026, 12:44:58 AM