ExponentCMS v2.6.0 unauthticate sql injection
Closed this issue · 3 comments
pang0lin commented
I found an unauthticate sql injection for ExponentCMS v2.6.0 (the latest version at this time), for more details.
https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md
dleffler commented
I have a fix, have you opened a CVE report?
pang0lin commented
Not yet, it is in processing