Home > Vulnerability Database > CVE-2016-9182

Mend.io Vulnerability Database

CVE-2016-9182

Good to know:

Date: November 4, 2016

Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controller=expHTMLEditor&action=preview&editor=ckeditor and controller=expHTMLEditor&action=Preview&editor=ckeditor. An anonymous user will be rejected for the former but can access the latter.

Language: PHP

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-9182

Url: http://www.securityfocus.com/bid/94227

Url: https://github.com/exponentcms/exponent-cms/commit/684d79424f768db8bb345d5c68aa2a886239492b

Url: https://www.mend.io/vulnerability-database/CVE-2016-9182

Severity Score

7.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version v2.4.1patch1

Learn More

CVSS v3

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-9182

Good to know:

Date: November 4, 2016

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?