#1322 ✓resolved
Sachin Wagh

Exponent CMS → 2.3.5: Administrators may be able to edit super-administrator profiles

Reported by Sachin Wagh | December 25th, 2015 @ 08:14 PM | in 2.3.7 (closed)


Vulnerability Type : Exponent CMS → 2.3.5: Parameter Tampering Information Disclosure
Vulnerable Version : 2.3.5
Severity: Medium
Author – Sachin Wagh (@tiger_tigerboy)


Exponent CMS is prone to a Parameter Tampering Information Disclosure because it fails to sanitize user-supplied input.By changing the value it is possible to see any user information such as superadmin and it is also possible to guess how many user are exist.

Credits & Authors
Sachin Wagh (@tiger_tigerboy)

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Bug Tracker for Exponent CMS

Shared Ticket Bins

People watching this ticket