CVE-2016-9288

Опубликовано: 11 нояб. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.

Ссылки

http://www.securityfocus.com/bid/94296
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037280
https://github.com/exponentcms/exponent-cms/commit/2ddffb2e7eafe4830e3483a4b437873022c461ba
Issue Tracking
Patch
http://www.securityfocus.com/bid/94296
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037280
https://github.com/exponentcms/exponent-cms/commit/2ddffb2e7eafe4830e3483a4b437873022c461ba
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*

Версия до 2.4.0 (включая)

EPSS

Процентиль: 48%

0.00251

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-7xgm-jxp3-q6jg