SecuritySpace - CVE-2017-5879

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2017-5879

Description: An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src.

Test IDs: 1.3.6.1.4.1.25623.1.0.108077

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2017-5879
BugTraq ID: 96039
http://www.securityfocus.com/bid/96039
https://github.com/exponentcms/exponent-cms/issues/73

CVE ID:	CVE-2017-5879
Description:	An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src.
Test IDs:	1.3.6.1.4.1.25623.1.0.108077
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2017-5879 BugTraq ID: 96039 http://www.securityfocus.com/bid/96039 https://github.com/exponentcms/exponent-cms/issues/73