CVE-2016-9288

Name of the Vulnerable Software and Affected Versions Exponent CMS versions 2.4.0 and earlier

Description The issue concerns a SQL injection problem. Specifically, the target parameter of the DragnDropReRank function in the navigationController.php file is used directly without filtration, allowing for potential SQL injection attacks. The payload for exploitation can be crafted to target the /navigation/DragnDropReRank/target/1 endpoint.

Recommendations For Exponent CMS versions 2.4.0 and earlier, as a temporary workaround, consider disabling the DragnDropReRank function until a patch is available. Restrict access to the /navigation/DragnDropReRank endpoint to minimize the risk of exploitation. Avoid using the target parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.