SQL Injection Vulnerability in Exponent-CMS by Exponent
CVE-2021-32441

7.5HIGH

Key Information:

Vendor: Exponentcms
Status: Exponent Cms
Vendor: CVE Published:; 17 February 2023

🔔 Create Exponentcms Vulnerability Alert

What is CVE-2021-32441?

An SQL Injection vulnerability exists in Exponent-CMS v2.6.0 that enables attackers to exploit the selectValue function within the expConfig class. This security flaw can potentially allow unauthorized access to sensitive information stored in the database, posing serious risks to user data integrity and application stability. The issue was addressed in version 2.7.0, emphasizing the importance of keeping software updated to mitigate such vulnerabilities.

References

https://github.com/exponentcms/exponent-cms/issues/1542

https://github.com/pang0lin/CVEproject/blob/main/Exponent...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2023
Vulnerability Reserved
May 7, 2021

CVE-2021-32441 Data

JSON