Description
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands.
References (3)
Core 3
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/exponentcms/exponent-cms/issues/1546
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://fluidattacks.com/advisories/dylan/
Exploit, Issue Tracking, Vendor Advisory x_refsource_misc
https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460
Scores
CVSS v3
7.2
EPSS
0.0458
EPSS Percentile
89.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
exponentcms/exponent_cms
2.6.0 patch2
Published
Feb 09, 2022
Tracked Since
Feb 18, 2026