CVE-2016-7782

CVE-2016-7782

EPSS 2.6%

SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html http://seclists.org/fulldisclosure/2016/Nov/12 http://www.securityfocus.com/bid/97210