CVE-2016-9282

Name of the Vulnerable Software and Affected Versions Exponent CMS version 2.4.0

Description The issue allows remote attackers to read database information. This is achieved by exploiting the search string parameter in the "action=search&module=search" API endpoint.

Recommendations For Exponent CMS version 2.4.0, consider restricting access to the searchController.php module to minimize the risk of exploitation. Avoid using the search string parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.