PT-2016-7338 · Pixidou+1 · Pixidou Image Editor+1

Manuel Garcia Cardenas

Published

2016-11-03

Updated

2018-02-27

CVE-2016-7452

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Exponent CMS versions prior to 2.3.9 patch 2

Description The issue allows an attacker to upload a malicious file to any folder on the site via a cpi directory traversal in the Pixidou Image Editor.

Recommendations For versions prior to 2.3.9 patch 2, update to version 2.3.9 patch 2 or later to resolve the issue.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2016-7452

Affected Products

Exponent Cms

Pixidou Image Editor

PT-2016-7338 · Pixidou+1 · Pixidou Image Editor+1

CVE-2016-7452

Weakness Enumeration

Related Identifiers

Affected Products

References · 6