ExponentCMS v2.6.0 unauthticate sql injection

Question

Closed this issue 3 years ago · 3 comments

I found an unauthticate sql injection for ExponentCMS v2.6.0 (the latest version at this time), for more details.
https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md

Answer 1 · 2021-05-06T14:32:23.000Z

I have a fix, have you opened a CVE report?

Answer 2 · 2021-05-07T06:53:51.000Z

Not yet, it is in processing

Answer 3 · 2021-05-07T12:57:10.000Z

Fix Commit 34dd490