404notf0und
/ gist:ab59234d71fbf35b4926ffd646324f29
Created
April 22, 2017 01:58
Exponent CMS-CVE-2017-7991-SQL injection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| > [Suggested description] | |
| > Exponent CMS 2.4.1 and earlier has SQL injection via a base64 | |
| > serialized API key (apikey parameter) in the api function of | |
| > framework/modules/eaas/controllers/eaasController.php. | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Additional Information] |