CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-9288

In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2016-9288

Exponentcms » Exponent Cms » Version: 0.97.0

cpe:2.3:a:exponentcms:exponent_cms:0.97.0
Exponentcms » Exponent Cms » Version: 0.98.0

cpe:2.3:a:exponentcms:exponent_cms:0.98.0
Exponentcms » Exponent Cms » Version: 0.99.0

cpe:2.3:a:exponentcms:exponent_cms:0.99.0
Exponentcms » Exponent Cms » Version: 2.0.0

cpe:2.3:a:exponentcms:exponent_cms:2.0.0
Exponentcms » Exponent Cms » Version: 2.0.1

cpe:2.3:a:exponentcms:exponent_cms:2.0.1
Exponentcms » Exponent Cms » Version: 2.0.2

cpe:2.3:a:exponentcms:exponent_cms:2.0.2
Exponentcms » Exponent Cms » Version: 2.0.3

cpe:2.3:a:exponentcms:exponent_cms:2.0.3
Exponentcms » Exponent Cms » Version: 2.0.4

cpe:2.3:a:exponentcms:exponent_cms:2.0.4
Exponentcms » Exponent Cms » Version: 2.0.5

cpe:2.3:a:exponentcms:exponent_cms:2.0.5
Exponentcms » Exponent Cms » Version: 2.0.6

cpe:2.3:a:exponentcms:exponent_cms:2.0.6
Exponentcms » Exponent Cms » Version: 2.0.7

cpe:2.3:a:exponentcms:exponent_cms:2.0.7
Exponentcms » Exponent Cms » Version: 2.0.8

cpe:2.3:a:exponentcms:exponent_cms:2.0.8
Exponentcms » Exponent Cms » Version: 2.0.9

cpe:2.3:a:exponentcms:exponent_cms:2.0.9
Exponentcms » Exponent Cms » Version: 2.1.0

cpe:2.3:a:exponentcms:exponent_cms:2.1.0
Exponentcms » Exponent Cms » Version: 2.1.1

cpe:2.3:a:exponentcms:exponent_cms:2.1.1
Exponentcms » Exponent Cms » Version: 2.1.2

cpe:2.3:a:exponentcms:exponent_cms:2.1.2
Exponentcms » Exponent Cms » Version: 2.1.3

cpe:2.3:a:exponentcms:exponent_cms:2.1.3
Exponentcms » Exponent Cms » Version: 2.1.4

cpe:2.3:a:exponentcms:exponent_cms:2.1.4
Exponentcms » Exponent Cms » Version: 2.1.5

cpe:2.3:a:exponentcms:exponent_cms:2.1.5
Exponentcms » Exponent Cms » Version: 2.2.0

cpe:2.3:a:exponentcms:exponent_cms:2.2.0
Exponentcms » Exponent Cms » Version: 2.2.1

cpe:2.3:a:exponentcms:exponent_cms:2.2.1
Exponentcms » Exponent Cms » Version: 2.2.2

cpe:2.3:a:exponentcms:exponent_cms:2.2.2
Exponentcms » Exponent Cms » Version: 2.2.3

cpe:2.3:a:exponentcms:exponent_cms:2.2.3
Exponentcms » Exponent Cms » Version: 2.3.0

cpe:2.3:a:exponentcms:exponent_cms:2.3.0
Exponentcms » Exponent Cms » Version: 2.3.1

cpe:2.3:a:exponentcms:exponent_cms:2.3.1
Exponentcms » Exponent Cms » Version: 2.3.2

cpe:2.3:a:exponentcms:exponent_cms:2.3.2
Exponentcms » Exponent Cms » Version: 2.3.3

cpe:2.3:a:exponentcms:exponent_cms:2.3.3
Exponentcms » Exponent Cms » Version: 2.3.4

cpe:2.3:a:exponentcms:exponent_cms:2.3.4
Exponentcms » Exponent Cms » Version: 2.3.5

cpe:2.3:a:exponentcms:exponent_cms:2.3.5
Exponentcms » Exponent Cms » Version: 2.3.6

cpe:2.3:a:exponentcms:exponent_cms:2.3.6
Exponentcms » Exponent Cms » Version: 2.3.7

cpe:2.3:a:exponentcms:exponent_cms:2.3.7
Exponentcms » Exponent Cms » Version: 2.3.8

cpe:2.3:a:exponentcms:exponent_cms:2.3.8
Exponentcms » Exponent Cms » Version: 2.3.9

cpe:2.3:a:exponentcms:exponent_cms:2.3.9
Exponentcms » Exponent Cms » Version: 2.4.0

cpe:2.3:a:exponentcms:exponent_cms:2.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-9288

Products

Pricing

Contact Us