Peng Hua

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.3.9 **Description** The issue is related to a sql injection vulnerability. It affects the cartController.php file in the ecommerce module of the framework. **Recommendations** For Exponent CMS version 2.3.9, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.3.9 **Description** The issue is related to an Object Injection vulnerability in the expTagController.php file, specifically in the change tags function. This vulnerability is located in the framework/modules/core/controllers directory of the Exponent CMS. **Recommendations** For Exponent CMS version 2.3.9, consider disabling the change tags function in the expTagController.php file as a temporary workaround until a patch is available. Restrict access to the expTagController.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.3.9 **Description** The issue is related to a sql injection vulnerability. It is located in the framework/modules/help/controllers/helpController.php file. **Recommendations** For Exponent CMS version 2.3.9, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.3.9 **Description** The issue is related to an Object Injection vulnerability in the expCatController.php file, specifically in the change cats function of the core controllers module in the framework. **Recommendations** For Exponent CMS version 2.3.9, consider restricting access to the vulnerable expCatController.php file until a patch is available. As a temporary workaround, avoid using the change cats function in the expCatController.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.3.9 **Description** The issue concerns a remote code execution problem. It is possible for an attacker to upload a `php` file through the "uploader paste.php" script, then overwrite the "/framework/conf/config.php" file. This can lead to arbitrary code execution. The vulnerable endpoint is "/install/index.php". **Recommendations** For Exponent CMS version 2.3.9, as a temporary workaround, consider disabling the "/install/index.php" endpoint and restricting access to the "uploader paste.php" script until a patch is available. Avoid using the uploader paste.php script in the affected version to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.