9 lines
No EOL
573 B
Text
9 lines
No EOL
573 B
Text
source: http://www.securityfocus.com/bid/47757/info
|
|
|
|
Exponent CMS is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability.
|
|
|
|
An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information.
|
|
|
|
Exponent CMS 2.0.0 beta 1.1 is vulnerable; other versions may also be affected.
|
|
|
|
http://www.example.com/exponent/content_selector.php?controller=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00§ion=&action= |