CVE-2016-9272 Information
Feb 14, 2021
cve
Description
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0 with the rerank array parameter can lead to site database information disclosure and denial of service.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Reference
http://www.securityfocus.com/bid/94261 https://exponentcms.lighthouseapp.com/projects/61783/tickets/1394-blind-sql-injection-vulnerability-in-exponent-cms-240-4 https://exponentcms.lighthouseapp.com/projects/61783/tickets/1395-blind-sql-injection-vulnerability-in-exponent-cms-240-5 https://github.com/exponentcms/exponent-cms/commit/fffb2038de4c603931b785a4c3ec69cfd06181ba
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
HIGH
Base Severity
9.1
Share on: