#1345 ✓resolved
High-Tech Bridge Security Research Lab

Exponent Security Vulnerability Notification

Reported by High-Tech Bridge Security Research Lab | January 13th, 2016 @ 04:13 PM | in 2.3.8 (closed)

Hello,

High-Tech Bridge Security Research Lab has discovered a security vulnerability in Exponent.

Preview available here: https://www.htbridge.com/advisory/HTB23290

Developers can contact us by email for details: advisory (at) htbridge.com

For any questions related to this notification message - please visit our General Information & Disclosure Policy page: https://www.htbridge.com/advisory/disclosure_policy.html

Best regards,
High-Tech Bridge Security Research Lab

Comments and changes to this ticket

  • dleffler January 13th, 2016 @ 07:38 PM

    • State changed from “new” to “resolved”
    • Tag set to security
    • Assigned user changed from “expNinja” to “dleffler”
    • Milestone set to 2.3.8

    The best immediate fix is to rename or remove the /install folder. This vulnerability is resolved in an upcoming v2.3.7 patch #3 release.


Bug Tracker for Exponent CMS
