Vulnerability Details CVE-2016-9272
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.4%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- http://www.securityfocus.com/bid/94261
- https://exponentcms.lighthouseapp.com/projects/61783/tickets/1394-blind-sql-injection-vulnerability-in-exponent-cms-240-4
- https://exponentcms.lighthouseapp.com/projects/61783/tickets/1395-blind-sql-injection-vulnerability-in-exponent-cms-240-5
- https://github.com/exponentcms/exponent-cms/commit/fffb2038de4c603931b785a4c3ec69cfd06181ba
- http://www.securityfocus.com/bid/94261
- https://exponentcms.lighthouseapp.com/projects/61783/tickets/1394-blind-sql-injection-vulnerability-in-exponent-cms-240-4
- https://exponentcms.lighthouseapp.com/projects/61783/tickets/1395-blind-sql-injection-vulnerability-in-exponent-cms-240-5
- https://github.com/exponentcms/exponent-cms/commit/fffb2038de4c603931b785a4c3ec69cfd06181ba
Products affected by CVE-2016-9272
-
cpe:2.3:a:exponentcms:exponent_cms:0.97.0
-
cpe:2.3:a:exponentcms:exponent_cms:0.98.0
-
cpe:2.3:a:exponentcms:exponent_cms:0.99.0
-
cpe:2.3:a:exponentcms:exponent_cms:2.0.0
-
cpe:2.3:a:exponentcms:exponent_cms:2.0.1
-
cpe:2.3:a:exponentcms:exponent_cms:2.0.2
-
cpe:2.3:a:exponentcms:exponent_cms:2.0.3
-
cpe:2.3:a:exponentcms:exponent_cms:2.0.4
-
cpe:2.3:a:exponentcms:exponent_cms:2.0.5
-
cpe:2.3:a:exponentcms:exponent_cms:2.0.6
-
cpe:2.3:a:exponentcms:exponent_cms:2.0.7
-
cpe:2.3:a:exponentcms:exponent_cms:2.0.8
-
cpe:2.3:a:exponentcms:exponent_cms:2.0.9
-
cpe:2.3:a:exponentcms:exponent_cms:2.1.0
-
cpe:2.3:a:exponentcms:exponent_cms:2.1.1
-
cpe:2.3:a:exponentcms:exponent_cms:2.1.2
-
cpe:2.3:a:exponentcms:exponent_cms:2.1.3
-
cpe:2.3:a:exponentcms:exponent_cms:2.1.4
-
cpe:2.3:a:exponentcms:exponent_cms:2.1.5
-
cpe:2.3:a:exponentcms:exponent_cms:2.2.0
-
cpe:2.3:a:exponentcms:exponent_cms:2.2.1
-
cpe:2.3:a:exponentcms:exponent_cms:2.2.2
-
cpe:2.3:a:exponentcms:exponent_cms:2.2.3
-
cpe:2.3:a:exponentcms:exponent_cms:2.3.0
-
cpe:2.3:a:exponentcms:exponent_cms:2.3.1
-
cpe:2.3:a:exponentcms:exponent_cms:2.3.2
-
cpe:2.3:a:exponentcms:exponent_cms:2.3.3
-
cpe:2.3:a:exponentcms:exponent_cms:2.3.4
-
cpe:2.3:a:exponentcms:exponent_cms:2.3.5
-
cpe:2.3:a:exponentcms:exponent_cms:2.3.6
-
cpe:2.3:a:exponentcms:exponent_cms:2.3.7
-
cpe:2.3:a:exponentcms:exponent_cms:2.3.8
-
cpe:2.3:a:exponentcms:exponent_cms:2.3.9
-
cpe:2.3:a:exponentcms:exponent_cms:2.4.0