CVE-2016-7791 (exponent_cms)

Posted on 2017년 1월 13일2017년 1월 14일 by admin

Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil ‘exploit.tar.gz’ file to the website, then extract it by visiting ‘/install/index.php?install_sample=../../files/exploit’, which leads to arbitrary code execution.

Source: CVE-2016-7791 (exponent_cms)

답글 남기기 응답 취소