SecuritySpace - CVE-2016-9481

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2016-9481

Description: In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-9481
BugTraq ID: 94590
http://www.securityfocus.com/bid/94590
http://www.pang0lin.com/?p=1076
http://www.securitytracker.com/id/1037368

CVE ID:	CVE-2016-9481
Description:	In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9481 BugTraq ID: 94590 http://www.securityfocus.com/bid/94590 http://www.pang0lin.com/?p=1076 http://www.securitytracker.com/id/1037368