Exponent CMS 2.4.1 and previous versions has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
exponentcms exponent cms |