CVE-2016-7784

Published: 2017-03-07T16:59Z

Last Modified: 2024-11-21T02:58Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt