Xiojunjie

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.3.9 **Description** The issue allows remote attackers to execute arbitrary commands. This is achieved by injecting shell metacharacters in the `sc` array parameter of the install/index.php file. **Recommendations** For Exponent CMS version 2.3.9, consider restricting access to the install/index.php file until a patch is available. As a temporary workaround, avoid using the `sc` array parameter in the install/index.php file to minimize the risk of exploitation.