CVE-2016-2242

Name of the Vulnerable Software and Affected Versions Exponent CMS versions prior to 2.3.7 Patch 3

Description The issue is related to incorrect code generation management in the Exponent CMS content management system. Exploitation of this issue may allow a remote attacker to execute arbitrary code using the sc parameter in the install/index.php script.

Recommendations For Exponent CMS versions prior to 2.3.7 Patch 3, update to version 2.3.7 Patch 3 or later to resolve the issue. As a temporary workaround, consider restricting access to the install/index.php script to minimize the risk of exploitation. Avoid using the sc parameter in the affected script until the issue is resolved.