CVE-2016-7783

Name of the Vulnerable Software and Affected Versions Exponent CMS versions 2.3.9 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands via the title parameter. This can lead to unauthorized access and manipulation of database content.

Recommendations For Exponent CMS versions 2.3.9 and earlier, update to a version later than 2.3.9 to resolve the issue. As a temporary workaround, consider restricting access to the expRecord.php model to minimize the risk of exploitation. Avoid using the title parameter in affected API endpoints until the issue is resolved.