CVE-2016-2242
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-2242
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2242.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-2242
- Published
- 2017-01-23T21:59:01.097Z
- Modified
- 2025-11-20T10:25:49.853280Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.
- References
-
- http://www.exponentcms.org/news/show/title/security-notice-closing-an-exponent-security-vulnerability
- http://www.securityfocus.com/archive/1/537499/100/0/threaded
- http://packetstormsecurity.com/files/135721/Exponent-2.3.7-PHP-Code-Execution.html
- http://www.exponentcms.org/news/patch-3-released-for-v2-3-7
- https://www.htbridge.com/advisory/HTB23290
Affected packages
Git / github.com/exponentcms/exponent-cms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/exponentcms/exponent-cms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected