Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote malicious users to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code through session files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
exponent exponent cms 0.96.3 |