NuytsTech Security

CVE-2016-9283

by ·

SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.

Date published : 2016-11-11

http://www.securityfocus.com/bid/94296

https://github.com/exponentcms/exponent-cms/commit/559792be727f4e731bfcb3935f5beec7749e9ce9

Tags: