CVE-2016-9184

{"id": "CVE-2016-9184", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2016-11-04T10:59:04.007", "references": [{"url": "http://www.securityfocus.com/bid/94227", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/exponentcms/exponent-cms/commit/0ce8b94d745b818bd207933d9a2e7f32587c2c89", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure."}, {"lang": "es", "value": "En /framework/modules/core/controllers/expHTMLEditorController.php de Exponent CMS 2.4.0, la entrada no confiable se usa para construir un nombre de tabla, y en el m\u00e9todo selectObject en la clase mysqli, los nombres de tabla son envueltos con un car\u00e1cter que los archivos comunes no filtran, permitiendo la inyecci\u00f3n de SQL. El impacto es Information Disclosure."}], "lastModified": "2016-11-29T18:38:18.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:exponentcms:exponent_cms:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFEAA82F-83B2-49B8-B860-2F18C3C66321"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}