Exponent Cms@2.3.9 Security Vulnerabilities and Issues — Exponent Cms@2.3.9 CVE List

Lucene search

ExponentcmsExponent Cms2.3.9

3 matches found

CVE•added 2017/01/12 10:59 p.m.•35 views

CVE-2016-7790

Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.

9.8CVSS9.9AI score0.03525EPSS

CVE•added 2017/01/12 10:59 p.m.•35 views

CVE-2016-7791

Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code execution.

9.8CVSS9.9AI score0.03525EPSS

CVE•added 2017/02/13 6:59 p.m.•33 views

CVE-2016-7565

install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter.

9.8CVSS9.8AI score0.01513EPSS