CVE-2016-8898

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-8898
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8898.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-8898
Published
2019-05-24T17:29:00.850Z
Modified
2026-04-10T03:53:58.674213Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.

References

Affected packages

Git / github.com/exponentcms/exponent-cms

Affected ranges

Type
GIT
Repo
https://github.com/exponentcms/exponent-cms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e4f3d5129dac15d1d634008f504055e2cf062c65
Fixed
99636b2118cd9af4eb9920f6b6c228bd824593d2
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.9"
        }
    ]
}

Affected versions

Other
Beta1
beta1.*
beta1.1
v2.*
v2.0.0
v2.0.0.beta2
v2.0.0.beta2.1
v2.0.0.beta3
v2.0.0.beta4
v2.0.0.release-candidate1
v2.0.0.release-candidate2
v2.0.1
v2.0.1patch1
v2.0.2
v2.0.3
v2.0.9
v2.0.9patch1
v2.0.9patch2
v2.0.9patch3
v2.0.9patch4
v2.0.9patch5
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.2.0
v2.2.0patch1
v2.2.0patch2
v2.2.0patch3
v2.2.0patch4
v2.2.0patch5
v2.2.1
v2.2.2
v2.2.2patch1
v2.2.2patch2
v2.2.3
v2.2.3patch1
v2.2.3patch2
v2.2.3patch3
v2.2.3patch4
v2.3.0
v2.3.0patch1
v2.3.0patch2
v2.3.0patch3
v2.3.0patch4
v2.3.1
v2.3.1patch4
v2.3.2
v2.3.2patch1
v2.3.2patch2
v2.3.3
v2.3.3patch1
v2.3.4
v2.3.4patch1
v2.3.5
v2.3.5patch1
v2.3.5patch2
v2.3.6
v2.3.7
v2.3.7patch1
v2.3.7patch2
v2.3.7patch3
v2.3.7patch4
v2.3.8
v2.3.8patch1
v2.3.8patch2
v2.3.8patch3
v2.3.8patch4
v2.3.8patch5
v2.3.8patch6
v2.3.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8898.json"