CVE-2016-9284 (exponent_cms)

CVE-2016-9284 (exponent_cms)

getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.

Source: CVE-2016-9284 (exponent_cms)