CVE-2016-8900

Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
Source: NIST
CVE-2016-8900