PT-2016-7684 · Exponent · Exponent Cms

Fyth · Published 2016-11-04 · Updated 2016-11-29 · CVE-2016-9184

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Exponent CMS version 2.4.0

Description

The issue allows for SQL Injection because untrusted input is used to construct a table name in the expHTMLEditorController.php file. The selectObject method in the mysqli class compounds this: it wraps table names with a character that common filters do not filter, which leads to Information Disclosure.

Recommendations

For Exponent CMS version 2.4.0, consider restricting access to the expHTMLEditorController.php file until a patch is available, and avoid using untrusted input to construct table names. As a temporary workaround, consider validating and sanitizing all user input to prevent SQL Injection attacks.
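
The recommendation above, as an added example that is not Exponent CMS code: a table name derived from request input is matched against a fixed allowlist instead of being filtered. It assumes the wrapping character is MySQL's identifier quote, the backtick; the table names, prefix and function names are hypothetical.

```php
<?php
// Added example; every name below is hypothetical, not Exponent CMS code.

// Hypothetical allowlist: the only tables this request handler may read.
const ALLOWED_TABLES = ['htmleditor_ckeditor', 'htmleditor_tinymce'];

/**
 * Resolve a request-supplied editor name to a quoted table identifier.
 * Throws instead of trying to "clean" a value that is not on the allowlist.
 */
function resolveTable(string $editor, string $prefix = 'cms_'): string
{
    $table = 'htmleditor_' . $editor;
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unknown editor table');
    }
    // Safe to wrap in backticks: the value is one of our own constants.
    return '`' . $prefix . $table . '`';
}

/** Weak pattern: a string-literal filter applied to an identifier. */
function weakQuote(string $editor, string $prefix = 'cms_'): string
{
    // addslashes() escapes ' " \ and NUL, but leaves the backtick alone.
    return '`' . $prefix . 'htmleditor_' . addslashes($editor) . '`';
}

// Constructed sample inputs: one expected value, two with quote characters.
$samples = ['ckeditor', 'ckeditor` x', "ckeditor' x"];

foreach ($samples as $input) {
    $weak = weakQuote($input);
    // More than two backticks means the wrapped identifier was closed early.
    $state = substr_count($weak, '`') > 2 ? 'identifier broken' : 'intact';
    try {
        $safe = resolveTable($input);
    } catch (InvalidArgumentException $e) {
        $safe = 'rejected';
    }
    printf("%-14s weak=%-36s (%s) allowlist=%s\n", $input, $weak, $state, $safe);
}
```

Only the first sample resolves to a table; the allowlist rejects both others, including the backtick value that passes through the string filter unchanged.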

Fix

Information Disclosure

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2016-9184

Affected Products

Exponent Cms