CVE-2016-9182

Published: Nov 4, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controller=expHTMLEditor&action=preview&editor=ckeditor and controller=expHTMLEditor&action=Preview&editor=ckeditor. An anonymous user will be rejected for the former but can access the latter.

Affected (1)

Products: Exponentcms: Exponent Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Exponentcms Exponent Cms	Version 2.4.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://www.securityfocus.com/bid/94227

Source: cve@mitre.org

Third Party Advisory

https://github.com/exponentcms/exponent-cms/commit/684d79424f768db8bb345d5c68aa2a886239492b

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://www.securityfocus.com/bid/94227

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/exponentcms/exponent-cms/commit/684d79424f768db8bb345d5c68aa2a886239492b

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.