SQL Injection Vulnerability in Exponent CMS by Exponent

CVE-2016-8897

What is CVE-2016-8897?

Exponent CMS version 2.3.9 contains an SQL injection vulnerability located in framework/modules/help/controllers/helpController.php. This flaw allows attackers to manipulate SQL queries via user input, potentially leading to unauthorized access and data breaches. Prompt remediation is recommended to mitigate risks associated with this vulnerability.

References