CVE-2016-7400
CRITICAL
Exponent CMS < 2.3.9 - SQL Injection via id, title, or content_id Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2016-7400. PoCs published by Manuel García Cárdenas.
AI-analyzed exploit summary
The document describes a Blind SQL Injection vulnerability in Exponent CMS <= v2.3.9, providing proof-of-concept URLs for exploitation. It includes technical details, affected versions, and references to vendor fixes.
Description
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action.
Exploits (1)
References (7)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H