ID de Prueba:	1.3.6.1.4.1.25623.1.0.803702
Categoría:	Web application abuses
Título:	Exponent CMS Multiple Vulnerabilities
Resumen:	Exponent CMS is prone to multiple vulnerabilities.
Descripción:	Summary: Exponent CMS is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws due to: - Insufficient filtration of 'src' and 'username' HTTP GET parameters passed to '/index.php' script. A remote unauthenticated attacker can execute arbitrary SQL commands in application's database. - Improper filtration of user-supplied input passed via the 'page' HTTP GET parameter to '/install/popup.php' script. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary SQL commands or include arbitrary PHP files from the local system using directory traversal sequences with URL-encoded NULL byte, read arbitrary files or execute arbitrary PHP code on the target system. Affected Software/OS: Exponent CMS version 2.2.0 beta 3 and prior Solution: Update to Exponent CMS 2.2.0 Release Candidate 1 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-3294 Bugtraq: 20130515 Multiple Vulnerabilities in Exponent CMS (Google Search) http://seclists.org/bugtraq/2013/May/57 http://packetstormsecurity.com/files/121643/Exponent-CMS-2.2.0-Beta-3-LFI-SQL-Injection.html https://www.htbridge.com/advisory/HTB23154 http://osvdb.org/93447 XForce ISS Database: exponentcms-cve20133294-index-sql-injection(84300) https://exchange.xforce.ibmcloud.com/vulnerabilities/84300 Common Vulnerability Exposure (CVE) ID: CVE-2013-3295
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.