Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Exponent_cms | Exponentcms | 2.0.0 (including) | 2.0.0 (including) |
Exponent_cms | Exponentcms | 2.0.1 (including) | 2.0.1 (including) |
Exponent_cms | Exponentcms | 2.0.2 (including) | 2.0.2 (including) |
Exponent_cms | Exponentcms | 2.0.3 (including) | 2.0.3 (including) |
Exponent_cms | Exponentcms | 2.0.4 (including) | 2.0.4 (including) |
Exponent_cms | Exponentcms | 2.0.4-p3 (including) | 2.0.4-p3 (including) |
Exponent_cms | Exponentcms | 2.0.5 (including) | 2.0.5 (including) |
Exponent_cms | Exponentcms | 2.0.5-p1 (including) | 2.0.5-p1 (including) |
Exponent_cms | Exponentcms | 2.0.6 (including) | 2.0.6 (including) |
Exponent_cms | Exponentcms | 2.0.6-p2 (including) | 2.0.6-p2 (including) |
Exponent_cms | Exponentcms | 2.0.7 (including) | 2.0.7 (including) |
Exponent_cms | Exponentcms | 2.0.8 (including) | 2.0.8 (including) |
Exponent_cms | Exponentcms | 2.0.8-p2 (including) | 2.0.8-p2 (including) |
Exponent_cms | Exponentcms | 2.0.9 (including) | 2.0.9 (including) |
Exponent_cms | Exponentcms | 2.0.9-p5 (including) | 2.0.9-p5 (including) |
Exponent_cms | Exponentcms | 2.1.0-alpha (including) | 2.1.0-alpha (including) |
Exponent_cms | Exponentcms | 2.1.1 (including) | 2.1.1 (including) |
Exponent_cms | Exponentcms | 2.1.2 (including) | 2.1.2 (including) |
Exponent_cms | Exponentcms | 2.1.3 (including) | 2.1.3 (including) |
Exponent_cms | Exponentcms | 2.1.4 (including) | 2.1.4 (including) |
Exponent_cms | Exponentcms | 2.1.4-p11 (including) | 2.1.4-p11 (including) |
Exponent_cms | Exponentcms | 2.2.0 (including) | 2.2.0 (including) |
Exponent_cms | Exponentcms | 2.2.0-p5 (including) | 2.2.0-p5 (including) |
Exponent_cms | Exponentcms | 2.2.1 (including) | 2.2.1 (including) |
Exponent_cms | Exponentcms | 2.2.2 (including) | 2.2.2 (including) |
Exponent_cms | Exponentcms | 2.2.2-p2 (including) | 2.2.2-p2 (including) |
Exponent_cms | Exponentcms | 2.2.3 (including) | 2.2.3 (including) |
Exponent_cms | Exponentcms | 2.2.3-p14 (including) | 2.2.3-p14 (including) |
Exponent_cms | Exponentcms | 2.3.0 (including) | 2.3.0 (including) |
Exponent_cms | Exponentcms | 2.3.0-p4 (including) | 2.3.0-p4 (including) |
Exponent_cms | Exponentcms | 2.3.1 (including) | 2.3.1 (including) |
Exponent_cms | Exponentcms | 2.3.1-p4 (including) | 2.3.1-p4 (including) |
Exponent_cms | Exponentcms | 2.3.2 (including) | 2.3.2 (including) |
Exponent_cms | Exponentcms | 2.3.2-p2 (including) | 2.3.2-p2 (including) |
Exponent_cms | Exponentcms | 2.3.3 (including) | 2.3.3 (including) |
Exponent_cms | Exponentcms | 2.3.3-p1 (including) | 2.3.3-p1 (including) |
Exponent_cms | Exponentcms | 2.3.4 (including) | 2.3.4 (including) |
Exponent_cms | Exponentcms | 2.3.4-p1 (including) | 2.3.4-p1 (including) |
Exponent_cms | Exponentcms | 2.3.5 (including) | 2.3.5 (including) |
Exponent_cms | Exponentcms | 2.3.5-p2 (including) | 2.3.5-p2 (including) |
Exponent_cms | Exponentcms | 2.3.7 (including) | 2.3.7 (including) |
Exponent_cms | Exponentcms | 2.3.8 (including) | 2.3.8 (including) |