Exponent CMS eaasController.php api Function SQL Injection (CVE-2017-7991)

A SQL injection vulnerability has been reported in Exponent CMS. The vulnerability is due to a lack of input validation on the apikey HTTP parameter by the api function. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP request to the affected page...

Exponent CMS 2.4.1 SQL Injection

CVE-2017-7991-SQL injection-Exponent CMS Suggested description Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key apikey parameter in the api function of framework/modules/eaas/controllers/eaasController.php. ------------------------------------------ Additional...