SecuritySpace - CVE-2016-9184

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2016-9184

Description: In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-9184
BugTraq ID: 94227
http://www.securityfocus.com/bid/94227

CVE ID:	CVE-2016-9184
Description:	In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9184 BugTraq ID: 94227 http://www.securityfocus.com/bid/94227