Exponent · Exponent Cms · CVE-2016-7789
**Name of the Vulnerable Software and Affected Versions**
Exponent CMS versions 2.3.9 and earlier
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `apikey` parameter.
**Recommendations**
For Exponent CMS versions 2.3.9 and earlier, update to a version later than 2.3.9 to resolve the issue.