CVE-2016-9020

Name of the Vulnerable Software and Affected Versions Exponent CMS versions 2.3.9 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the version parameter in the helpController.php file, which is part of the Exponent CMS framework.

Recommendations For Exponent CMS versions 2.3.9 and earlier, update to a version later than 2.3.9 to resolve the issue. As a temporary workaround, consider restricting access to the helpController.php file or avoiding the use of the version parameter in the affected API endpoint until a patch is available.