CVE-2016-9135

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-9135

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9135.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-9135

Published

2016-11-03T10:59:12.230Z

Modified

2026-03-14T09:23:28.938882Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.

References

Affected packages

Git / github.com/exponentcms/exponent-cms

Affected ranges

Type

GIT

Repo

https://github.com/exponentcms/exponent-cms

Events

Introduced

Last affected

e4f3d5129dac15d1d634008f504055e2cf062c65

Fixed

d5c3c175b60bd26b2b74ec85b8f0d2544db2c8db

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.9"
        }
    ]
}

Affected versions

Other

Beta1

beta1.*

beta1.1

v2.*

v2.0.0

v2.0.0.beta2

v2.0.0.beta2.1

v2.0.0.beta3

v2.0.0.beta4

v2.0.0.release-candidate1

v2.0.0.release-candidate2

v2.0.1

v2.0.1patch1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.5patch1

v2.0.6

v2.0.6patch1

v2.0.6patch2

v2.0.7

v2.0.8

v2.0.8patch1

v2.0.8patch2

v2.0.9

v2.0.9patch1

v2.0.9patch2

v2.0.9patch3

v2.0.9patch4

v2.0.9patch5

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.4patch1

v2.2.0

v2.2.0alpha1

v2.2.0alpha2

v2.2.0alpha3

v2.2.0beta1

v2.2.0beta3

v2.2.0patch1

v2.2.0patch2

v2.2.0patch3

v2.2.0patch4

v2.2.0patch5

v2.2.1

v2.2.2

v2.2.2patch1

v2.2.2patch2

v2.2.3

v2.2.3patch1

v2.2.3patch2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9135.json"