Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
PHP
SQLi
Exponent Cms
NVD
GitHub
CVSS 3.0
8.8
EPSS
0.4%