framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote malicious users to read address information, as demonstrated by an address/show/id/1 URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
exponentcms exponent cms 2.4.0 |