Short Name | HTTP:SQL:EXPONENT-CMS-INJ |
---|---|
Severity | Major |
Recommended | Yes |
Recommended Action | Drop |
Category | HTTP |
Keywords | Exponent CMS eaasController.php api Function SQL Injection |
Release Date | 2017/05/05 |
Update Number | 2886 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

A SQL injection vulnerability has been reported in Exponent CMS. Successful exploitation could result in the execution of arbitrary SQL commands on the target server.
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.