Kyohpc

**Name of the Vulnerable Software and Affected Versions** Exponent CMS versions 2.4.0 and earlier **Description** The issue concerns a SQL injection problem. Specifically, the `target` parameter of the `DragnDropReRank` function in the `navigationController.php` file is used directly without filtration, allowing for potential SQL injection attacks. The payload for exploitation can be crafted to target the `/navigation/DragnDropReRank/target/1` endpoint. **Recommendations** For Exponent CMS versions 2.4.0 and earlier, as a temporary workaround, consider disabling the `DragnDropReRank` function until a patch is available. Restrict access to the `/navigation/DragnDropReRank` endpoint to minimize the risk of exploitation. Avoid using the `target` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.