Exponent Security Vulnerability Notification
Reported by High-Tech Bridge Security Research Lab | January 13th, 2016 @ 04:13 PM | in 2.3.8 (closed)
Hello,
High-Tech Bridge Security Research Lab has discovered a security vulnerability in Exponent.
Preview available here: https://www.htbridge.com/advisory/HTB23290
Developers can contact us by email for details: advisory (at) htbridge.com
For any questions related to this notification message - please visit our General Information & Disclosure Policy page: https://www.htbridge.com/advisory/disclosure_policy.html
Best regards,
High-Tech Bridge Security Research Lab
Comments and changes to this ticket
-
dleffler January 13th, 2016 @ 07:38 PM
- State changed from “new” to “resolved”
- Tag set to “security”
- Assigned user changed from “expNinja” to “dleffler”
- Milestone set to “2.3.8”
The best immediate fix is to rename or remove the /install folder. This vulnerability is resolved in an upcoming v2.3.7 patch #3 release.
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Bug Tracker for Exponent CMS
dleffler
expNinja