Exponent CMS SQL Injection Vulnerability (CNVD-2016-10804)
Exponent is a web content management system. Multiple SQL injection vulnerabilities exist in the framework/modules/core/controllers/expRatingController.php/update method in Exponent CMS version 2.4.0, which can be exploited by an authenticated remote user to execute arbitrary SQL commands via the...