Version 2.3.9 Released Patch #1 Released for V2.3.9

Security Vulnerability - All Exponent Versions - September 2016

Monday, September 12, 2016 Tags: patch, security

There is a security vulnerability in Exponent 2.x found on September 12, 2016 and reported by Manuel Garcia Cardenas which could allow a possible SQL injection. Although the server and site setup to allow such an attack (in the real world) is very rare, it is none-the-less a vulnerability. It has been present in all versions of Exponent (2.x). The fix is:

Update to the latest version (v2.3.9) and the latest patch (v2.3.9patch1) which will be released around September 13th. This is the recommended fix since it also addresses several security issues and other fixes not addressed in the patches to v2.2.3 nor v2.1.4.
If running a version 2.2.x installation and not wanting to update to the latest version, you should update to v2.2.3 (last release before major version update to v2.3.x) and install its latest patch (v2.2.3patch13). If you are already running v2.2.3, you'll want to install this patch to also correct some other issues.
If running a version prior to v2.2.0 (v2.0.x or v2.1.x) installation and not wanting to update to the latest version, you should update to v2.1.4 (last release before major version update to v2.2.x) and install its latest patch (v2.1.4patch10). If you are already running v2.1.4, you'll want to install this patch.
There is no manual method,

Version 2.3.9 Released Patch #1 Released for V2.3.9

Join the Exponent Community
: Like Exponent CMS on Facebook; Follow Exponent CMS on Twitter

Forum Activity

Jan 01, 2024 @ 06:24 PM by dleffler v3.0.1patch3 released to update v3.0.0rc1/v3.0.1patch1 | Announcements
Jan 01, 2024 @ 06:22 PM by dleffler v2.7.1patch2 released to fix anomalies with v2.7.1 release | Announcements
May 31, 2023 @ 08:52 PM by dleffler v3.0.1patch2 released to update v3.0.0rc1/v3.0.1patch1 | Announcements
May 31, 2023 @ 08:50 PM by dleffler v2.7.1patch1 released to fix anomalies with v2.7.1 release | Announcements
Mar 07, 2023 @ 07:41 PM by dleffler v3.0.1patch1 released to update v3.0.0rc1 to v3.0.1 and fix anomalies with that release | Announcements
Mar 07, 2023 @ 07:14 PM by dleffler v2.7.1patch1 released to fix anomalies with v2.7.1 release | Announcements

File a Bug Report

Help Improve Exponent

Who Did This?

Exponent CMS is written and maintained by Online Innovative Creations (OIC Group, Inc.), a Peoria web design and development company. OIC Group, Inc. specializes in a wide range of web-based solutions for enterprise-level organizations and local businesses in Peoria. Learn more about this Peoria web design company. Spanning from custom website design and development to local SEO and social media marketing, OIC Group, Inc. is full-service web marketing firm that offers a wealth of solutions.

As the creator of Exponent CMS, OIC Group, Inc. offer fully-custom web design and development programs. To view examples of the company's work, visit the local website design portfolio to see both local and enterprise-level websites that OIC has created. In addition to search engine friendly websites, other specialties of OIC Group, Inc. include website optimization, conversion rate optimization, social media marketing, PPC advertising and Google Ads, local SEO and ecommerce SEO services.

If you're looking for ways to improve the potential of your Exponent CMS website, connect with Exponent CMS on Google+. To stay abreast various ways to better optimize your Exponent CMS website, follow OIC Group web design on Facebook.