CVE-2016-7400

Exponent CMS before 2.4.0 is affected by multiple SQL injection vulnerabilities (parameters: id in activate_address, title in show blog, content_id in showComments expComment) that allow remote attackers to execute arbitrary SQL. Official fix released in version 2.4.0; upgrade to 2.4.0 or apply v...

Exponent CMS 2.3.9 Blind SQL Injection

============================================= MGC ALERT 2016-005 - Original release date: September 09, 2016 - Last revised: September 20, 2016 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2016-7400 ============================================= I...