Summary
Exponent CMS is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, information-disclosure, arbitrary-file-upload, arbitrary-file-modify, and cross-site-scripting vulnerabilities.
Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, view and execute local files within the context of the webserver, upload arbitrary code and run it in the context of the webserver process, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.
Exponent CMS 0.97 is vulnerable
other versions may also be affected.
References