|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-06-02 | |
| Rule Name: | Exponent CMS Eaascontroller.php Api Function SQL Injection Vulnerability -2 (CVE-2017-7991) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Solaris, Other Unix, FreeBSD, Linux | |
| Reference: | http://seclists.org/fulldisclosure/2017/Apr/78 https://gist.github.com/404notf0und/ab59234d71fbf35b4926ffd646324f29 https://packetstormsecurity.com/files/142258/Exponent-CMS-2.4.1-SQL-Injection.html |
|
| Solutions |
|---|
| No information about possible solutions is published. Please use an alternative product to substitude the affected software. |