CVE-2016-9182
Last modified
CVE-2016-9182 is a vulnerability of currently unknown severity. Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controller=expHTMLEditor&action=preview&editor=ckeditor and controller=expHTMLEditor&action=Preview&editor=ckeditor. EPSS estimates a 1.41% chance of exploitation in the next 30 days.
Description
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controller=expHTMLEditor&action=preview&editor=ckeditor and controller=expHTMLEditor&action=Preview&editor=ckeditor. An anonymous user will be rejected for the former but can access the latter.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Exponentcms | Exponent Cms | 2.4.0 |
References
- http://www.securityfocus.com/bid/94227Third Party Advisory
- https://github.com/exponentcms/exponent-cms/commit/684d79424f768db8bb345d5c68aa2a886239492bIssue Tracking, Patch, Third Party Advisory
- http://www.securityfocus.com/bid/94227Third Party Advisory
- https://github.com/exponentcms/exponent-cms/commit/684d79424f768db8bb345d5c68aa2a886239492bIssue Tracking, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-9182?
How severe is CVE-2016-9182?
How do I fix CVE-2016-9182?
Are you affected by CVE-2016-9182?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST