Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:SQL:EXPONENT-CMS-INJ
Severity	Major
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Exponent CMS eaasController.php api Function SQL Injection
Release Date	2017/05/05
Update Number	2886
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Exponent CMS eaasController.php api Function SQL Injection

A SQL injection vulnerability has been reported in Exponent CMS. Successful exploitation could result in the execution of arbitrary SQL commands on the target server.

Extended Description

Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.

Affected Products

Exponentcms exponent_cms 2.4.1

References

CVE: CVE-2017-7991

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Exponent CMS eaasController.php api Function SQL Injection

Extended Description

Affected Products

References