cpe:/a:exponentcms:exponent_cms:2.0.0 cpe:/a:exponentcms:exponent_cms:2.0.1 cpe:/a:exponentcms:exponent_cms:2.0.2 cpe:/a:exponentcms:exponent_cms:2.0.3 cpe:/a:exponentcms:exponent_cms:2.0.4 cpe:/a:exponentcms:exponent_cms:2.0.4:p3 cpe:/a:exponentcms:exponent_cms:2.0.5 cpe:/a:exponentcms:exponent_cms:2.0.5:p1 cpe:/a:exponentcms:exponent_cms:2.0.6 cpe:/a:exponentcms:exponent_cms:2.0.6:p2 cpe:/a:exponentcms:exponent_cms:2.0.7 cpe:/a:exponentcms:exponent_cms:2.0.8 cpe:/a:exponentcms:exponent_cms:2.0.8:p2 cpe:/a:exponentcms:exponent_cms:2.0.9 cpe:/a:exponentcms:exponent_cms:2.0.9:p5 cpe:/a:exponentcms:exponent_cms:2.1.0:alpha cpe:/a:exponentcms:exponent_cms:2.1.1 cpe:/a:exponentcms:exponent_cms:2.1.2 cpe:/a:exponentcms:exponent_cms:2.1.3 cpe:/a:exponentcms:exponent_cms:2.1.4 cpe:/a:exponentcms:exponent_cms:2.1.4:p11 cpe:/a:exponentcms:exponent_cms:2.2.0 cpe:/a:exponentcms:exponent_cms:2.2.0:p5 cpe:/a:exponentcms:exponent_cms:2.2.1 cpe:/a:exponentcms:exponent_cms:2.2.2 cpe:/a:exponentcms:exponent_cms:2.2.2:p2 cpe:/a:exponentcms:exponent_cms:2.2.3 cpe:/a:exponentcms:exponent_cms:2.2.3:p14 cpe:/a:exponentcms:exponent_cms:2.3.0 cpe:/a:exponentcms:exponent_cms:2.3.0:p4 cpe:/a:exponentcms:exponent_cms:2.3.1 cpe:/a:exponentcms:exponent_cms:2.3.1:p4 cpe:/a:exponentcms:exponent_cms:2.3.2 cpe:/a:exponentcms:exponent_cms:2.3.2:p2 cpe:/a:exponentcms:exponent_cms:2.3.3 cpe:/a:exponentcms:exponent_cms:2.3.3:p1 cpe:/a:exponentcms:exponent_cms:2.3.4 cpe:/a:exponentcms:exponent_cms:2.3.4:p1 cpe:/a:exponentcms:exponent_cms:2.3.5 cpe:/a:exponentcms:exponent_cms:2.3.5:p2 cpe:/a:exponentcms:exponent_cms:2.3.7 cpe:/a:exponentcms:exponent_cms:2.3.8 CVE-2016-2242 2017-01-23T16:59:01.097-05:00 2018-10-09T15:59:39.067-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2017-01-24T12:14:56.267-05:00 BUGTRAQ 20160210 Remote Code Execution in Exponent MISC http://packetstormsecurity.com/files/135721/Exponent-2.3.7-PHP-Code-Execution.html CONFIRM http://www.exponentcms.org/news/patch-3-released-for-v2-3-7 CONFIRM http://www.exponentcms.org/news/show/title/security-notice-closing-an-exponent-security-vulnerability MISC https://www.htbridge.com/advisory/HTB23290 Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.