PatchSiren cyber security CVE debrief
CVE-2017-5879 Exponentcms CVE debrief
CVE-2017-5879 is a critical unauthenticated blind SQL injection affecting Exponent CMS 2.4.1. The flaw is in source_selector.php and can be triggered with an HTTP GET request against the src parameter; NVD also notes out-of-band data exfiltration using techniques such as select_loadfile().
- Vendor: Exponentcms
- Product: CVE-2017-5879
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-06
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-06
- Advisory updated: 2026-05-13
Who should care
Administrators and operators of Exponent CMS 2.4.1, especially if the instance is internet-facing. Security teams, application owners, and database administrators should also review exposure because the issue is unauthenticated and can lead to database disclosure.
Technical summary
NVD classifies the weakness as CWE-89 with CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The affected component is source_selector.php, and the vulnerable input is the src parameter. Because the issue is reachable over HTTP GET without authentication, it presents a high-risk remote attack surface and may allow blind SQL injection with out-of-band data leakage.
Defensive priority
Urgent
Recommended defensive actions
- Confirm whether Exponent CMS 2.4.1 is deployed anywhere in your environment, including legacy or externally hosted instances.
- Use the vendor issue tracker reference associated with issue 73 to verify the patch or remediation status before re-exposing the application.
- Upgrade or replace any affected Exponent CMS 2.4.1 deployment with a fixed version or a supported alternative as soon as possible.
- Restrict or remove public access to the affected application until remediation is complete.
- Review web logs for requests to source_selector.php and unusual patterns involving the src parameter.
- Audit database credentials and privileges used by the application, and rotate secrets if exposure is suspected.
- If database or application access is compromised, validate integrity of affected data and review for unauthorized exports or other signs of SQL injection abuse.
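The log-review action above is the one a defender can act on immediately. The following script is an added example written for this debrief; it is not code from Exponent CMS, PatchSiren or NVD. It parses web-server access-log lines in the common "combined" format (an assumption about your log layout), isolates requests whose path is source_selector.php, decodes the src parameter through several layers of URL encoding, and reports which generic SQL-injection indicators appear. The indicator list is a general heuristic, not a vendor-supplied signature, and the sample log lines are constructed for illustration.

```python
"""
Flag requests to source_selector.php whose `src` parameter carries
SQL-injection indicators (CVE-2017-5879 log review helper).

Added example for this debrief; not code from Exponent CMS or PatchSiren.
Assumptions: Apache/nginx "combined" access-log format; INDICATORS is a
generic heuristic, not a signature from the vendor or NVD.
"""
import re
from typing import Optional
from urllib.parse import parse_qs, unquote_plus, urlsplit

# combined format: host ident user [time] "METHOD TARGET PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

TARGET_SCRIPT = "source_selector.php"

# Generic SQL-injection indicators, matched case-insensitively against the
# fully decoded parameter value. Order matters only for reporting.
INDICATORS = (
    "'", '"', "--", "/*", "#", " or ", " and ", "union", "select",
    "sleep(", "benchmark(", "load_file", "information_schema",
)


def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of URL encoding so nested encoding
    such as %2527 cannot hide a quote from the indicator check."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line: str) -> Optional[dict]:
    """Return a finding dict for requests to source_selector.php, else None.
    The dict's 'indicators' list is empty when nothing suspicious was seen."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path.rsplit("/", 1)[-1].lower() != TARGET_SCRIPT:
        return None
    # parse_qs already removes one encoding layer; decode_fully handles the rest.
    raw_values = parse_qs(parts.query, keep_blank_values=True).get("src", [])
    decoded = [decode_fully(v) for v in raw_values]
    hits = []
    for value in decoded:
        lowered = value.lower()
        hits.extend(ind for ind in INDICATORS if ind in lowered and ind not in hits)
    return {
        "ip": m.group("ip"),
        "time": m.group("time"),
        "method": m.group("method"),
        "status": m.group("status"),
        "src": decoded,
        "indicators": hits,
    }


def scan_log(text: str) -> list:
    """Return findings for every line that targets source_selector.php
    with at least one indicator in the src parameter."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        finding = inspect_line(line)
        if finding and finding["indicators"]:
            findings.append(finding)
    return findings


# Constructed sample log: one benign request to the script, one unrelated
# request, and two requests with injection indicators (one double-encoded).
SAMPLE_LOG = """\
203.0.113.10 - - [06/Feb/2017:10:15:01 +0000] "GET /source_selector.php?src=section42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [06/Feb/2017:10:15:03 +0000] "GET /index.php?section=1 HTTP/1.1" 200 8801 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Feb/2017:10:16:44 +0000] "GET /source_selector.php?src=section42%27%20OR%201%3D1--%20 HTTP/1.1" 200 512 "-" "curl/7.52.1"
198.51.100.7 - - [06/Feb/2017:10:16:50 +0000] "GET /source_selector.php?src=x%2527%20UNION%20SELECT%201 HTTP/1.1" 500 212 "-" "curl/7.52.1"
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['method']} status={f['status']} "
              f"src={f['src']} indicators={f['indicators']}")
```

Run it against your own access logs by replacing SAMPLE_LOG with the file contents; a hit on an internet-facing instance is a reason to treat the database as potentially exposed and to follow the credential-rotation and integrity-review steps listed above. The heuristic will produce false positives on legitimate values containing quotes or the words "and"/"or", so review flagged lines rather than acting on the count alone.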
Evidence notes
The debrief is based on the official NVD record and the linked vendor/third-party references supplied in the source corpus. The CVE was published on 2017-02-06 and later modified on 2026-05-13; that later date reflects record maintenance, not the original vulnerability date. The supplied corpus does not include a fixed version number, so remediation guidance is limited to confirming the referenced patch and eliminating exposure to the affected version.
Official resources
- CVE-2017-5879 CVE record (CVE.org)
- CVE-2017-5879 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: Third Party Advisory, VDB Entry
- Mitigation or vendor reference: Issue Tracking, Patch, Third Party Advisory
Officially published in the CVE/NVD record on 2017-02-06. The NVD record was later modified on 2026-05-13, but that does not change the original disclosure date.