CVE-2016-7791

Published: Jan 12, 2017Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code execution.

Affected (1)

Products: Exponentcms: Exponent Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Exponentcms Exponent Cms	Version 2.3.9

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.openwall.com/lists/oss-security/2016/09/29/11

Source: cve@mitre.org

ExploitMailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/93119

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2016/09/29/11

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/93119

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.