News items tagged with "security"
There is a security vulnerability in Exponent 2.x found on August 26, 2016 reported by Balisong which could allow uploaded scripts to be executed. It has been present in all versions of Exponent (2.x). The fix is: (read more)
We've been notified of a security vulnerability which could compromise your Exponent CMS installation. This vulnerability applies to all versions of Exponent 2.x up to v2.3.7 patch #2. The immediate fix is to rename the /install folder to something else, or remove/delete it. Though we've been working hard to close Cross-Site Scripting (XSS) vulnerabilities, this one could be more permanent and seems to result from an anomaly within PHP which allows a string variable to be internally interpreted and processed as an array thereby masking the payload. (read more)