CVE-2017-5879

Name of the Vulnerable Software and Affected Versions Exponent CMS version 2.4.1

Description A blind SQL injection issue allows un-authenticated users to exploit the system via an HTTP GET request. This can be used to dump database data to a malicious server using out-of-band techniques, such as select loadfile(). The issue affects the source selector.php file and the src parameter.

Recommendations For Exponent CMS version 2.4.1, as a temporary workaround, consider restricting access to the source selector.php file and avoid using the src parameter in HTTP GET requests until a patch is available.