CVE-2016-9182

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-9182
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9182.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-9182
Published
2016-11-04T10:59:01Z
Modified
2025-01-08T10:08:05.010314Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controller=expHTMLEditor&action=preview&editor=ckeditor and controller=expHTMLEditor&action=Preview&editor=ckeditor. An anonymous user will be rejected for the former but can access the latter.

References

Affected packages

Git / github.com/exponentcms/exponent-cms

Affected ranges

Type
GIT
Repo
https://github.com/exponentcms/exponent-cms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

Beta1

beta1.*

beta1.1

v2.*

v2.0.0
v2.0.0.beta2
v2.0.0.beta2.1
v2.0.0.beta3
v2.0.0.beta4
v2.0.0.release-candidate1
v2.0.0.release-candidate2
v2.0.1
v2.0.1patch1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.5patch1
v2.0.6
v2.0.6patch1
v2.0.6patch2
v2.0.7
v2.0.8
v2.0.8patch1
v2.0.8patch2
v2.0.9
v2.0.9patch1
v2.0.9patch2
v2.0.9patch3
v2.0.9patch4
v2.0.9patch5
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.4patch1
v2.2.0
v2.2.0alpha1
v2.2.0alpha2
v2.2.0alpha3
v2.2.0beta1
v2.2.0beta3
v2.2.0patch1
v2.2.0patch2
v2.2.0patch3
v2.2.0patch4
v2.2.0patch5
v2.2.1
v2.2.2
v2.2.2patch1
v2.2.2patch2
v2.2.3
v2.2.3patch1
v2.2.3patch2