CVE-2016-9019

2017-03-07T11:59:01
ID CVE-2016-9019
Type cve
Reporter NVD
Modified 2017-03-31T21:59:00

Description

SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.