Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 18 Sep 2016 11:52:58 +0800
From: felix k3y <>
Subject: CVE request:Exponent CMS 2.3.9 SQL injection vulnerability

Hi , I reported the following SQL Injection vulnerability to the
ExponentCMS team on Sep 15, 2016:
The "fid" parameter fail to sufficiently sanitize before using it in an SQL
query, In This vulnerability, also lead to  Directory traversal、Remote code
execution vulnerabilities etc..

1) Directory traversal vulnerability'
union select

2) Remote code execution
 i. Upload any legal files through website(.jpg|.gif etc..)
 ii. copy file to evil file(.php etc..)

Proof of concept:'
union select

And Now, The SQL Injection vulnerability have been fixed.

Has a CVE been assigned to this issue already? if not I request that
one is assigned.

penghua #

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.