HomePentest-Tools.com Logo

Exponent CMS < 2.4.0 Multiple SQL Injection and Remote Code Execution Vulnerabilities CVE-2016-7400CVE-2016-7565CVE-2016-7780CVE-2016-7781CVE-2016-7782CVE-2016-7783CVE-2016-7784CVE-2016-7788CVE-2016-7789CVE-2016-7790CVE-2016-7791CVE-2016-9019CVE-2016-9020CVE-2016-9087

Severity
CVSSv3 Score
9.8
Vulnerability description

Exponent CMS is prone to multiple sql injection and remote code execution vulnerabilities.

Risk description

Successful exploitation will allow remote attackers to e.g dump database data out to a malicious server or execute code via the /install/index.php setup tool.

Recommendation

Upgrade to version 2.4.0 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 7, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available