漏洞类别:CGI
漏洞等级: 
漏洞信息
Exponent CMS is a free, open source, open standards modular enterprise software framework and content management system (CMS) written in the PHP. The vulnerability exists because of improper sanitization of user supplied input passed 'exponent/index.php'.
Affected Versions:
Exponent CMS version 2.3.9 and earlier
漏洞危害
Successful exploitation will allow an unauthenticated remote attacker to inject and execute arbitrary SQL code on the target.
解决方案
Vendor has released a patch to fix this vulnerability. Please refer to Exponent CMS 2.3.9 Patch#1 Release Notes for more details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
updated-patches-released-for-v2-1-4-and-v2-2-3-1473726129-0.50310400
0day
文章评论