Vulners
Lucene search
Exponent CMS 2.3.9 SQL Injection Vulnerability
| Reporter | Title | Published | Views | Family All 61 |
|---|---|---|---|---|
 | Exponent CMS 'getSection' Function SQL Injection Vulnerability | 4 Nov 201600:00 | – | cnvd |
| Exponent CMS 'title' Parameter SQL Injection Vulnerability | 4 Nov 201600:00 | – | cnvd |
| Exponent CMS 'src' Parameter SQL Injection Vulnerability | 4 Nov 201600:00 | – | cnvd |
| Exponent CMS 'author' Parameter SQL Injection Vulnerability | 4 Nov 201600:00 | – | cnvd |
| Exponent CMS 'version' Parameter SQL Injection Vulnerability | 4 Nov 201600:00 | – | cnvd |
| Exponent CMS 'username' Parameter SQL Injection Vulnerability | 4 Nov 201600:00 | – | cnvd |
| Exponent CMS SQL Injection Vulnerability (CNVD-2016-10699) | 4 Nov 201600:00 | – | cnvd |
| Exponent CMS 'fileid' Parameter SQL Injection Vulnerability | 4 Nov 201600:00 | – | cnvd |
| Exponent CMS 'version' Parameter SQL Injection Vulnerability | 4 Nov 201600:00 | – | cnvd |
| Exponent CMS 'is_what' Parameter SQL Injection Vulnerability | 4 Nov 201600:00 | – | cnvd |
10
Exponent CMS 2.3.9 SQL Injection Vulnerability
Disclose 10 * cve in Exponent CMS
[CVE-2016-7780]
> In the line 42 of cron/find_help.php , $_GET['version'] can be
> controlled and injected. It is possible to time-based blind SQL Inject
> by the param of "version".
fix: https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31
[CVE-2016-7781]
> In the line 387 function getUserByName of
> ./framework/modules/users/models/user.php , $name can be controlled and
> injected. It is possible to time-based blind SQL Inject by the param of
> "author".
fix: In the line 169 of framework/modules/blog/controllers/blogController.php , $this->params['author'] has been escaped.
https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db
[CVE-2016-7782]
> In the line 33 of ./framework/core/models/expConfig.php ,
> $this->location_data can be controlled and injected. It is possible to
> time-based blind SQL Inject by the param of "src".
fix:http://forums.exponentcms.org/index.php?p=/discussion/comment/1591#Comment_1591
[CVE-2016-7783]
> In the line 118 of ./framework/core/models/expRecord.php , $params can
> be controlled and injected. It is possible to boolean-based and
> time-based blind SQL Inject by the param of "title" .
fix:http://www.exponentcms.org/news/security-vulnerability-all-exponent-versions-october-2016
[CVE-2016-7784]
> This bug was found in the framework/core/subsystems/expRouter.php
> It is possible to inject SQL code in the function getSection by
> $_REQUEST['section'].
fix:https://exponentcms.lighthouseapp.com/projects/61783/changesets/1965e3719986406576898668855b8afbab43ed2c
[CVE-2016-7788]
>In Exponent CMS <=2.3.9, In the line 74 of ./framework/modules/users/models/user.php , $username
> can be controlled and injected.It is possible to time-based blind SQL
> Inject by the param of "username".
fix: In the line 127 of file framework/modules/users/controllers/loginController.php.
https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db
[CVE-2016-7789]
>In Exponent CMS <=2.3.9, framework/modules/eaas/controllers/eaasController.php , $key can be
> controlled. And in the line 33 of framework/core/models/expConfig.php,
> $this->location_data can be controlled and injected. It is possible to
> boolean-based blind SQL Inject by the param of apikey.
fix:http://forums.exponentcms.org/index.php?p=/discussion/comment/1591#Comment_1591
[CVE-2016-9019]
> In Exponent CMS <=2.3.9, in the function activate_address of the file
> framework/modules/addressbook/controllers/addressController.php,
> $this->params['is_what'] can be controlled and injected. It is possible
> to do time-based SQL inject by the param 'is_what'.
fix:http://forums.exponentcms.org/index.php?p=/discussion/comment/1591#Comment_1591
[CVE-2016-9020]
> In exponentcms <=2.3.9, in the line 125 of file
> framework/modules/help/controllers/helpController.php,
> $this->params['version'] can be controlled and injected. it is possible
> to SQL injection by the param of 'version'.
Fix: In the line 55 of framework/modules/help/models/help_version.php , $version has been escaped by function expString::escape.
https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db
[CVE-2016-9087]
> In exponentcms <=2.3.9, in the line 94 of file
> framework/modules/filedownloads/controllers/filedownloadController.php,
> $this->param['fileid'] can be controlled and injected. It is possible
> to SQL inject by param fileid.
Fix: In the line 94 of file framework/modules/filedownloads/controllers/filedownloadController.php
, $this->params['fileid'] has been escaped by function expString::escape.
https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db
Reported By web-Obfuscator in dbappsecurity
References:
https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31
# 0day.today [2018-03-19] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Nov 2016 00:00Current
9.2High risk
Vulners AI Score9.2
EPSS0.02606