exponentcms exponent cms 2.3.9 vulnerabilities and exploits
7.5
CVSSv2
CVE-2016-7790
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload a 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.
Exponentcms Exponent Cms 2.3.9
5
CVSSv2
CVE-2016-9134
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure.
Exponentcms Exponent Cms 2.3.9
5
CVSSv2
CVE-2016-9135
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.
Exponentcms Exponent Cms 2.3.9
7.5
CVSSv2
CVE-2016-7565
install/index.php in Exponent CMS 2.3.9 allows remote malicious users to execute arbitrary commands via shell metacharacters in the sc array parameter.
Exponentcms Exponent Cms 2.3.9
7.5
CVSSv2
CVE-2016-8897
Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/help/controllers/helpController.php.
Exponentcms Exponent Cms 2.3.9
7.5
CVSSv2
CVE-2016-8898
Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
Exponentcms Exponent Cms 2.3.9
7.5
CVSSv2
CVE-2016-8899
Exponent CMS version 2.3.9 suffers from an object injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
Exponentcms Exponent Cms 2.3.9
7.5
CVSSv2
CVE-2016-8900
Exponent CMS version 2.3.9 suffers from an object injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
Exponentcms Exponent Cms 2.3.9
7.5
CVSSv2
CVE-2016-7791
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads t...
Exponentcms Exponent Cms 2.3.9
7.5
CVSSv2
CVE-2016-7400
Multiple SQL injection vulnerabilities in Exponent CMS prior to 2.4.0 allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id ...
Exponentcms Exponent Cms
1 EDB exploit