CVE-2016-9025

moderate-risk
Published 2020-12-31

Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.

Do I need to act?

-
0.61% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 6f21094f2ff194b442a604b5fd23dcebea8b8cc5, a8efd9ca71fc9b8b843ad0910d435d237482ee31
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Exponentcms

References (4)

Patch https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b...
Patch https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435...
Patch https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b...
Patch https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435...
39
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal