PT-2007-3587 · Exponent · Exponent Cms

Published: 2007-04-25 · Updated: 2017-07-29 · CVE-2007-2252

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Exponent CMS versions 0.96.6 Alpha and earlier

Description

A directory traversal issue exists, allowing remote attackers to obtain sensitive information. This is achieved by using a .. (dot dot) in the icodir parameter of the iconspopup.php file.

Recommendations

For Exponent CMS versions 0.96.6 Alpha and earlier, avoid using the icodir parameter in the iconspopup.php file until a fix is available. As a temporary workaround, consider restricting access to the iconspopup.php file to minimize the risk of exploitation.
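
While access to iconspopup.php is being restricted, web server logs can be reviewed for requests that carried a dot-dot segment in icodir. The following is an added example, not part of the original advisory or of Exponent CMS: it assumes combined-format access logs, and the log lines, client addresses and URL paths in it are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [25/Apr/2007:10:01:02 +0000] "GET /iconspopup.php?icodir=icons/ HTTP/1.1" 200 512
198.51.100.9 - - [25/Apr/2007:10:01:09 +0000] "GET /iconspopup.php?icodir=../../ HTTP/1.1" 200 2048
198.51.100.9 - - [25/Apr/2007:10:01:15 +0000] "GET /iconspopup.php?icodir=%252e%252e%252fconf HTTP/1.1" 200 2048
198.51.100.9 - - [25/Apr/2007:10:01:20 +0000] "GET /index.php?section=.. HTTP/1.1" 200 900
"""

# client address, request target, response status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots (%252e) are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment (split on / or \\) is exactly '..'."""
    return '..' in re.split(r'[\\/]', fully_decode(value))

def find_icodir_traversal(log_text):
    """Return (client, status, decoded icodir) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        # Only the script named in the advisory is of interest here.
        if not url.path.lower().endswith('/iconspopup.php'):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == 'icodir' and has_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

if __name__ == '__main__':
    for hit in find_icodir_traversal(SAMPLE_LOG):
        print(hit)
```

Hits that returned status 200 are the ones to triage first, since they indicate the request was served rather than rejected.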


Related Identifiers

CVE-2007-2252

Affected Products

Exponent Cms