{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-26T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0"}, {"name": "94121", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94121"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.exponentcms.org/news/security-vulnerability-all-exponent-versions-june-2016"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7095", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0", "refsource": "CONFIRM", "url": "https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0"}, {"name": "94121", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94121"}, {"name": "http://www.exponentcms.org/news/security-vulnerability-all-exponent-versions-june-2016", "refsource": "CONFIRM", "url": "http://www.exponentcms.org/news/security-vulnerability-all-exponent-versions-june-2016"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7095", "datePublished": "2016-11-03T10:00:00", "dateReserved": "2016-08-26T00:00:00", "dateUpdated": "2018-02-26T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "42C25790-D1BD-4BD9-988C-5B8C543B8C9D", "versionEndIncluding": "2.3.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution."}, {"lang": "es", "value": "Exponent CMS en versiones anteriores a 2.3.9 es vulnerable a un atacante que sube un archivo de secuencias de comandos malicioso usando redirecci\u00f3n para colocar la secuencia de comandos en una carpeta no protegida, una que permite ejecuci\u00f3n de secuencias de comandos."}], "id": "CVE-2016-7095", "lastModified": "2018-02-27T02:29:00.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-11-03T10:59:03.700", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.exponentcms.org/news/security-vulnerability-all-exponent-versions-june-2016"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/94121"}, {"source": "cve@mitre.org", "url": "https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}