High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Exponent CMS that can be exploited to execute arbitrary SQL commands in the database of a vulnerable application and to execute arbitrary PHP code on the vulnerable system.
SQL Injection in Exponent CMS: CVE-2013-3294
The vulnerability exists due to insufficient sanitisation of the "src" and "username" HTTP GET parameters passed to the "/index.php" script. A remote, unauthenticated attacker can execute arbitrary SQL commands in the application's database.
PHP File Inclusion in Exponent CMS: CVE-2013-3295
The vulnerability is caused by improper sanitisation of user-supplied input passed via the "page" HTTP GET parameter to the "/install/popup.php" script, which by default remains publicly accessible after the CMS has been installed. A remote, unauthenticated attacker can include arbitrary PHP files from the local file system using directory traversal sequences terminated with a URL-encoded NULL byte (%00), and thereby read arbitrary files or execute arbitrary PHP code on the target system. Note that the NULL-byte truncation only works with PHP versions older than 5.3.4, which reject file-system paths containing a NUL byte.
A proof-of-concept (PoC) is provided in the advisory [1].
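As an added example (not code from the advisory or from Exponent CMS), the following Python script scans access-log lines for requests that match the shape of both issues described above: traversal sequences or a NULL byte in the "page" parameter sent to /install/popup.php, and SQL metacharacters in the "src" or "username" parameters sent to /index.php. The sample log lines, the signature regexes and the function names are all assumptions made for illustration; the script detects the request shape only, not whether the target was actually vulnerable.

```python
"""Scan Apache combined-format access-log lines for requests shaped like the
two Exponent CMS issues in HTB23154: directory traversal / NULL-byte values in
the "page" parameter of /install/popup.php (CVE-2013-3295) and SQL
metacharacters in the "src" or "username" parameters of /index.php
(CVE-2013-3294). Added illustration, not code from the advisory or the CMS."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log lines for demonstration; the addresses, timestamps
# and payload shapes are invented and are not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2013:12:00:01 +0000] "GET /index.php?section=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2013:12:00:02 +0000] "GET /install/popup.php?page=../../../../etc/passwd%00 HTTP/1.1" 200 1890 "-" "curl/7.29.0"
203.0.113.9 - - [10/Jun/2013:12:00:03 +0000] "GET /index.php?src=1%27%20OR%201%3D1--&username=admin HTTP/1.1" 200 7000 "-" "curl/7.29.0"
203.0.113.7 - - [10/Jun/2013:12:00:04 +0000] "GET /install/popup.php?page=license HTTP/1.1" 200 800 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Jun/2013:12:00:05 +0000] "GET /index.php?src=abc123&username=o%27brien HTTP/1.1" 200 6100 "-" "Mozilla/5.0"
"""

# Request line of the combined log format: client, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# "../" or "..\" anywhere in the decoded value.
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')
# A quote followed by a SQL keyword, a comment sequence, or a timing function.
# A bare apostrophe (o'brien) is deliberately not enough on its own.
SQL_RE = re.compile(
    r"""['"]\s*(or|and|union|select)\b|--|/\*|\b(sleep|benchmark)\s*\(""",
    re.IGNORECASE,
)


def parse_request(line):
    """Return ip, timestamp, status, path and decoded query parameters, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "status": int(m.group("status")),
        "path": parts.path,
        # parse_qs percent-decodes once; double-encoded values are handled in classify().
        "params": parse_qs(parts.query, keep_blank_values=True),
    }


def classify(req):
    """Return a list of (cve, parameter, reason) tuples for one parsed request."""
    findings = []
    if req["path"].endswith("/install/popup.php"):
        for raw in req["params"].get("page", []):
            value = unquote(raw)  # second decode catches %252F / %2500 style double encoding
            reasons = []
            if TRAVERSAL_RE.search(value):
                reasons.append("directory traversal")
            if "\x00" in value:
                reasons.append("NULL byte")
            if reasons:
                findings.append(("CVE-2013-3295", "page", ", ".join(reasons)))
    if req["path"].endswith("/index.php"):
        for name in ("src", "username"):
            for raw in req["params"].get(name, []):
                if SQL_RE.search(unquote(raw)):
                    findings.append(("CVE-2013-3294", name, "SQL metacharacters"))
    return findings


def scan(log_text):
    """Scan a whole log and return one hit dict per finding, in log order."""
    hits = []
    for line in log_text.splitlines():
        req = parse_request(line)
        if req is None:
            continue
        for cve, param, why in classify(req):
            hits.append({"ip": req["ip"], "ts": req["ts"], "status": req["status"],
                         "cve": cve, "param": param, "why": why})
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["cve"]} param={h["param"]} status={h["status"]} ({h["why"]})')
```

A hit only means that a request of the right shape arrived; the recorded status code and the response size should be checked before treating it as a successful exploitation, and the signatures are intentionally narrow so that a lone apostrophe in a user name is not reported.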
Solution:
Fixed by the vendor. Upgrade to Exponent CMS v2.2.0 Release Candidate 1. Independently of the upgrade, removing the /install/ directory or restricting access to it once installation is complete takes the affected script off the public attack surface.
References:
[1] High-Tech Bridge Advisory HTB23154: Multiple Vulnerabilities in Exponent CMS.
[2] Exponent CMS: a website content management system (CMS) that allows site owners to create and manage dynamic websites without directly coding web pages or managing site navigation.