Disclose 10 * cve in Exponent CMS [CVE-2016-7780] > In the line 42 of cron/find_help.php , $_GET['version'] can be > controlled and injected. It is possible to time-based blind SQL Inject > by the param of "version". fix: http://ift.tt/2f1bIr0 [CVE-2016-7781] > In the line 387 function getUserByName of > ./framework/modules/users/models/user.php , $name can be controlled and > injected. It is possible to time-based blind SQL Inject by the param of > "author". fix: In the line 169 of framework/modules/blog/controllers/blogController.php , $this->params['author'] has been escaped. http://ift.tt/2fbnFNP [CVE-2016-7782] > In the line 33 of ./framework/core/models/expConfig.php , > $this->location_data can be controlled and injected. It is possible to > time-based blind SQL Inject by the param of "src". fix:http://ift.tt/2fi0dut [CVE-2016-7783] > In the line 118 of ./framework/core/models/expRecord.php , $params can > be controlled and injected. It is possible to boolean-based and > time-based blind SQL Inject by the param of "title" . fix:http://ift.tt/2enNs43 [CVE-2016-7784] > This bug was found in the framework/core/subsystems/expRouter.php > It is possible to inject SQL code in the function getSection by > $_REQUEST['section']. fix:http://ift.tt/2fhXOQH [CVE-2016-7788] >In Exponent CMS <=2.3.9, In the line 74 of ./framework/modules/users/models/user.php , $username > can be controlled and injected.It is possible to time-based blind SQL > Inject by the param of "username". fix: In the line 127 of file framework/modules/users/controllers/loginController.php. http://ift.tt/2fbnFNP [CVE-2016-7789] >In Exponent CMS <=2.3.9, framework/modules/eaas/controllers/eaasController.php , $key can be > controlled. And in the line 33 of framework/core/models/expConfig.php, > $this->location_data can be controlled and injected. It is possible to > boolean-based blind SQL Inject by the param of apikey. fix:http://ift.tt/2fi0dut [CVE-2016-9019] > In Exponent CMS <=2.3.9, in the function activate_address of the file > framework/modules/addressbook/controllers/addressController.php, > $this->params['is_what'] can be controlled and injected. It is possible > to do time-based SQL inject by the param 'is_what'. fix:http://ift.tt/2fi0dut [CVE-2016-9020] > In exponentcms <=2.3.9, in the line 125 of file > framework/modules/help/controllers/helpController.php, > $this->params['version'] can be controlled and injected. it is possible > to SQL injection by the param of 'version'. Fix: In the line 55 of framework/modules/help/models/help_version.php , $version has been escaped by function expString::escape. http://ift.tt/2fbnFNP [CVE-2016-9087] > In exponentcms <=2.3.9, in the line 94 of file > framework/modules/filedownloads/controllers/filedownloadController.php, > $this->param['fileid'] can be controlled and injected. It is possible > to SQL inject by param fileid. Fix: In the line 94 of file framework/modules/filedownloads/controllers/filedownloadController.php , $this->params['fileid'] has been escaped by function expString::escape. http://ift.tt/2fbnFNP Reported By web-Obfuscator in dbappsecurity
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment