Remote Code Execution Vulnerability in Exponent CMS by Exponent
CVE-2016-7565

9.8CRITICAL

Key Information:

Vendor

Exponentcms

Status
Exponent Cms
Vendor
CVE Published:
13 February 2017

What is CVE-2016-7565?

The Exponent CMS version 2.3.9 is vulnerable due to improper handling of input in install/index.php. Attackers can exploit this weakness by injecting shell metacharacters into the 'sc' array parameter, enabling them to execute arbitrary commands on the server. This poses a significant security risk, allowing unauthorized access and control over the affected system.

References

https://github.com/exponentcms/exponent-cms/releases/tag/...
x_refsource_CONFIRM
https://github.com/exponentcms/exponent-cms/commit/4ae457...
x_refsource_CONFIRM
https://exponentcms.lighthouseapp.com/projects/61783/chan...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.