Description
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
References (1)
Core 1
Core References
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23154
Scores
EPSS
0.0183
EPSS Percentile
76.3%
Details
CWE
CWE-22
Status
published
Products (1)
exponentcms/exponent_cms
< 2.2.0
Published
Dec 30, 2014
Tracked Since
Feb 18, 2026