BID:17357

Exponent CMS Banner Module Arbitrary Script Execution Vulnerability

Info

Exponent CMS Banner Module Arbitrary Script Execution Vulnerability

Bugtraq ID:	17357
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 03 2006 12:00AM
Updated:	Apr 03 2006 10:43PM
Credit:	The vendor disclosed this vulnerability.
Vulnerable:	Exponent Exponent 0.96 .4 Exponent Exponent 0.96 .1 Exponent Exponent 0.95 Exponent Exponent 0.94

Not Vulnerable:	Exponent Exponent CMS 0.96.5 RC1

Discussion

Exponent CMS Banner Module Arbitrary Script Execution Vulnerability

Exponent CMS is prone to an arbitrary script-execution vulnerability. The application fails to properly sanitize user-supplied input to its banner and image-upload portion.

An attacker can include remote script code and execute it in the context of an affected server.

Versions prior to 0.96.5 RC 1 are reported to be vulnerable.

Exploit / POC

Exponent CMS Banner Module Arbitrary Script Execution Vulnerability

This issue can be exploited through a web client.

Solution / Fix

Exponent CMS Banner Module Arbitrary Script Execution Vulnerability

Solution:
The vendor has released version 0.96.5-RC1 to address this issue.

Exponent Exponent 0.94

Exponent exponent-0.96.5-RC1.tar.gz
http://prdownloads.sourceforge.net/exponent/exponent-0.96.5-RC1.tar.gz

Exponent Exponent 0.95

Exponent exponent-0.96.5-RC1.tar.gz
http://prdownloads.sourceforge.net/exponent/exponent-0.96.5-RC1.tar.gz

Exponent Exponent 0.96 .4

Exponent exponent-0.96.5-RC1.tar.gz
http://prdownloads.sourceforge.net/exponent/exponent-0.96.5-RC1.tar.gz

Exponent Exponent 0.96 .1

Exponent exponent-0.96.5-RC1.tar.gz
http://prdownloads.sourceforge.net/exponent/exponent-0.96.5-RC1.tar.gz

References

Exponent CMS Banner Module Arbitrary Script Execution Vulnerability

References:

Changelog describing version 0.96.5 (Exponent CMS)
Exponent Home Page (Exponent)