Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms exponent cms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-9283
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote malicious users to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.
Exponentcms Exponent Cms 2.4.0
5.3
CVSSv3
CVE-2016-9285
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote malicious users to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.
Exponentcms Exponent Cms 2.4.0
4.8
CVSSv3
CVE-2022-23047
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/confi...
Exponentcms Exponent Cms 2.6.0
9.8
CVSSv3
CVE-2016-9481
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' use...
Exponentcms Exponent Cms 2.4.0
NA
CVE-2014-6635
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote malicious users to inject arbitrary web script or HTML via the src parameter in the search action to index.php.
Exponentcms Exponent Cms 2.3.0
9.8
CVSSv3
CVE-2016-8898
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
Exponentcms Exponent Cms 2.3.9
9.8
CVSSv3
CVE-2016-8900
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
Exponentcms Exponent Cms 2.3.9
7.5
CVSSv3
CVE-2016-9134
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure.
Exponentcms Exponent Cms 2.3.9
7.5
CVSSv3
CVE-2016-9182
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can us...
Exponentcms Exponent Cms 2.4.0
7.5
CVSSv3
CVE-2016-9184
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQ...
Exponentcms Exponent Cms 2.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »