File Upload Vulnerability in Exponent CMS by Exponent Software
CVE-2016-7443

9.8CRITICAL

Key Information:

Vendor: Exponentcms
Status: Exponent Cms
Vendor: CVE Published:; 7 March 2018

🔔 Create Exponentcms Vulnerability Alert

What is CVE-2016-7443?

Exponent CMS versions 2.3.0 to 2.3.9 are susceptible to a file upload vulnerability that allows remote attackers to exploit improper file handling mechanisms. This flaw can lead to arbitrary file uploads in incorrect locations, potentially compromising the integrity and security of the web application. It is critical for users of these versions to apply the necessary patches to safeguard their systems from potential attacks.

References

https://github.com/exponentcms/exponent-cms/releases/tag/...

x_refsource_CONFIRM

http://www.exponentcms.org/news/patch-1-released-for-v2-3-9

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2018
Vulnerability Reserved
Sep 9, 2016

CVE-2016-7443 Data

JSON