CVE-2016-9025 Information

Description

Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31 https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8