CVE-2016-7095
CRITICAL
Exponentcms Exponent Cms < 2.3.8 - Unrestricted File Upload
Title source: ruleDescription
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94121
Vendor Advisory x_refsource_confirm
http://www.exponentcms.org/news/security-vulnerability-all-exponent-versions-june-2016
Release Notes x_refsource_confirm
https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0
Scores
CVSS v3: 9.8
EPSS: 0.0120
EPSS Percentile: 79.0%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-434
Status: published
Products (1)
exponentcms/exponent_cms < 2.3.8
Published: Nov 03, 2016
Tracked Since: Feb 18, 2026