Critical severity9.8NVD Advisory· Published Mar 7, 2017· Updated May 13, 2026

CVE-2016-7784

Description

SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.htmlnvdPatchThird Party Advisory
seclists.org/fulldisclosure/2016/Nov/12nvdPatchThird Party Advisory
github.com/exponentcms/exponent-cms/commit/1965e3719986406576898668855b8afbab43ed2cnvdPatch
www.securityfocus.com/bid/97232nvd
www.securitytracker.com/id/1037252nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000