SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Forum/Board/Portal)  >   ExponentCMS Vendors:   exponentcms.org
Exponent CMS Bugs Let Remote Users Inject SQL Commands and Obtain Potentially Sensitive Information on the Target System
SecurityTracker Alert ID:  1037281
SecurityTracker URL:  http://securitytracker.com/id/1037281
CVE Reference:   CVE-2016-9282, CVE-2016-9283, CVE-2016-9284, CVE-2016-9285, CVE-2016-9286   (Links to External Site)
Date:  Nov 12 2016
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.4.0, 2.4.0patch1
Description:   Multiple vulnerabilities were reported in Exponent CMS. A remote user can inject SQL commands and obtain potentially sensitive information on the target system.

A remote user can send a specially crafted request to view potentially sensitive information on the target system.

The 'search_string' parameter in the 'action=search&module=search' function in the 'framework/modules/search/controllers/searchController.php' module is affected [CVE-2016-9282]. Version 2.4.0 is affected.

The 'address/addContentToSearch/id/' function in 'framework/core/subsystems/expRouter.php' module is affected [CVE-2016-9283]. Version 2.4.0 is affected.

The getUsersByJSON() function in the 'framework/modules/users/controllers/usersController.php' module is affected [CVE-2016-9284]. Version 2.4.0 is affected.

The 'framework/modules/addressbook/controllers/addressController.php' module is affected [CVE-2016-9285]. Version 2.4.0 is affected.

The 'framework/modules/users/controllers/usersController.php' module is affected [CVE-2016-9286]. Version 2.4.0patch1 is affected.

Several users reported the 'expRouter.php' vulnerability. pang0lin reported the other vulnerabilities.

Impact:   A remote user can obtain potentially sensitive information on the target system.
Solution:   The vendor has issued source code fixes, available at:

https://github.com/exponentcms/exponent-cms/commit/e83721a5b9fcc88e1141a8fb29c3d1bd522257c1

https://github.com/exponentcms/exponent-cms/commit/559792be727f4e731bfcb3935f5beec7749e9ce9

https://github.com/exponentcms/exponent-cms/commit/e7b6856ac384bf2b8ea7761a1e46d6e4186d36f4

https://github.com/exponentcms/exponent-cms/commit/9eeed1e82fb9e6d0d41e7dd10672df48045a9b59

https://github.com/exponentcms/exponent-cms/commit/e38aae66c785f08f3907aa121378caf71ca5f2d7

Vendor URL:  exponentcms.org/ (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC