Exponent CMS Multiple Input Validation Vulnerabilities Network Vulnerability

Summary

Exponent CMS is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, information-disclosure, arbitrary-file-upload, arbitrary-file-modify, and cross-site-scripting vulnerabilities. Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, view and execute local files within the context of the webserver, upload arbitrary code and run it in the context of the webserver process, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Exponent CMS 0.97 is vulnerable other versions may also be affected.

References

http://www.exponentcms.org
http://www.htbridge.ch/advisory/lfi_in_exponent_cms.html
http://www.htbridge.ch/advisory/lfi_in_exponent_cms_1.html
http://www.securityfocus.com/archive/1/515075
http://www.securityfocus.com/archive/1/515076
https://www.securityfocus.com/bid/44095

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability

Take action and discover your vulnerabilities