Please disregard the 'View article...' shown at the bottom of many posts as this is the result of restoring old forum posts from a backup.

Security Vulnerability - All Exponent Versions - October 2016

There are several security vulnerabilities in all versions of Exponent 2.x found in September and October, 2016, reported by a number of individuals including:Manuel Garcia Cardenas, the PKAV TEAM, fyth, felixk3y, DM_, obfusor, xiaoL, ylgaaaaa, Tomato, wooeast, and xiojunjie, These vulnerabilities could allow possible SQL injections, remote file exploits, RCE, XSS, changes to configurations, and other issues. They have been present in all versions of Exponent (2.x). The fix is:

  • Update to the latest version (v2.4.0) which was released October 28th. This is the only version of Exponent which will receive these fixes, and it is now the only supported version of Exponent (at this time). All Exponent installations should be upgraded to v2.4.0 (or later) as soon as practical.
  • There is no manual method,
Sign In or Register to comment.