expressionengine expressionengine 2.5.1 vulnerabilities and exploits

(subscribe to this query)

6.5

CVSSv2

Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine prior to 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module...

5

CVSSv2

ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.

Expressionengine Expressionengine 3.5.1 Expressionengine Expressionengine 3.4.7 Expressionengine Expressionengine 3.4.0 Expressionengine Expressionengine 3.3.3 Expressionengine Expressionengine 3.1.3 Expressionengine Expressionengine 3.1.1 Expressionengine Expressionengine 3.0.3 Expressionengine Expressionengine 3.0.1 Expressionengine Expressionengine 2.11.2 Expressionengine Expressionengine 2.11.0 Expressionengine Expressionengine 2.9.1 Expressionengine Expressionengine 2.8.1 Expressionengine Expressionengine 2.7.0 Expressionengine Expressionengine 3.4.5 Expressionengine Expressionengine 3.4.4 Expressionengine Expressionengine 3.4.3 Expressionengine Expressionengine 3.4.2 Expressionengine Expressionengine 3.1.0 Expressionengine Expressionengine 3.0.6 Expressionengine Expressionengine 3.0.5 Expressionengine Expressionengine 3.0.4 Expressionengine Expressionengine 2.10.2

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook