9.8
CVSSv3

CVE-2016-7400

Published: 07/02/2017 Updated: 21/11/2024

Vulnerability Summary

Multiple SQL injection vulnerabilities in Exponent CMS prior to 2.4.0 allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

exponentcms exponent cms

Exploits

============================================= MGC ALERT 2016-005 - Original release date: September 09, 2016 - Last revised: September 20, 2016 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,1/10 (CVSS Base Score) - CVE-ID: CVE-2016-7400 ============================================= I VULNERABILITY ------------------------- Blind SQL Inj ...
Exponent CMS versions 239 and below suffer from a remote blind SQL injection vulnerability ...