Summary
This host is installed with Exponent CMS and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary SQL commands or include arbitrary PHP files from the local system using directory traversal sequences with URL-encoded NULL byte, read arbitrary files or execute arbitrary PHP code on the target system.
Impact Level: Application
Solution
Update to Exponent CMS 2.2.0 Release Candidate 1 or later, For updates refer to http://www.exponentcms.org
Insight
Multiple flaws due to,
- Insufficient filtration of 'src' and 'username' HTTP GET parameters passed to '/index.php' script. A remote unauthenticated attacker can execute arbitrary SQL commands in application's database.
- Improper filtration of user-supplied input passed via the 'page' HTTP GET parameter to '/install/popup.php' script.
Affected
Exponent CMS version 2.2.0 beta 3 and prior
References
- http://forums.exponentcms.org/viewtopic.php?f=16&t=789
- http://packetstormsecurity.com/files/121643
- http://seclists.org/bugtraq/2013/May/57
- http://www.exponentcms.org/news/release-candidate-1-v2-2-0-set-loose
- http://www.osvdb.org/93447
- http://www.osvdb.org/93448
- http://www.securityfocus.com/archive/1/526609
- https://www.htbridge.com/advisory/HTB23154
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-3294, CVE-2013-3295 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
- Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
- AjaXplorer zoho plugin Directory Traversal Vulnerability
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- ArticleFR CMS Multiple Vulnerabilities - Jan15