CVE-2017-18213
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
Date published : 2018-03-03
http://www.exponentcms.org/news/patch-6-released-for-v2-4-1-to-fix-a-few-big-issues
https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.1patch6