Vulmon
expressionengine expressionengine vulnerabilities and exploits
NA
CVE-2024-0738
A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely...
Garethhk Mldong 1.0
NA
CVE-2023-22953
In ExpressionEngine prior to 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.
Expressionengine Expressionengine
6.5
CVSSv2
CVE-2020-8242
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.
Expressionengine Expressionengine
7.5
CVSSv2
CVE-2021-33199
In Expression Engine prior to 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.
Expressionengine Expressionengine
6.5
CVSSv2
CVE-2021-27230
ExpressionEngine prior to 5.4.2 and 6.x prior to 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.
Expressionengine Expressionengine
6.5
CVSSv2
CVE-2020-13443
ExpressionEngine prior to 5.3.2 allows remote malicious users to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type chec...
Expressionengine Expressionengine
4.3
CVSSv2
CVE-2018-17874
ExpressionEngine prior to 4.3.5 has reflected XSS.
Expressionengine Expressionengine
3.5
CVSSv2
CVE-2017-1000160
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection.
Expressionengine Expressionengine 3.4.2
5
CVSSv2
CVE-2017-0897
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.
Expressionengine Expressionengine 3.5.1
Expressionengine Expressionengine 3.4.7
Expressionengine Expressionengine 3.4.0
Expressionengine Expressionengine 3.3.3
Expressionengine Expressionengine 3.1.3
Expressionengine Expressionengine 3.1.1
Expressionengine Expressionengine 3.0.3
Expressionengine Expressionengine 3.0.1
Expressionengine Expressionengine 2.11.2
Expressionengine Expressionengine 2.11.0
Expressionengine Expressionengine 2.9.1
Expressionengine Expressionengine 2.8.1
Expressionengine Expressionengine 2.7.0
Expressionengine Expressionengine 3.4.5
Expressionengine Expressionengine 3.4.4
Expressionengine Expressionengine 3.4.3
Expressionengine Expressionengine 3.4.2
Expressionengine Expressionengine 3.1.0
Expressionengine Expressionengine 3.0.6
Expressionengine Expressionengine 3.0.5
Expressionengine Expressionengine 3.0.4
Expressionengine Expressionengine 2.10.2
6.5
CVSSv2
CVE-2014-5387
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine prior to 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module...
Ellislab Expressionengine 2..5.4
Expressionengine Expressionengine 2.5.3
Expressionengine Expressionengine 2.5.2
Expressionengine Expressionengine 2.5.1
Expressionengine Expressionengine 2.5.0
Ellislab Expressionengine 2.0.2
Ellislab Expressionengine 2.0.1
Ellislab Expressionengine 2.0.0
Expressionengine Expressionengine 2.8.0
Expressionengine Expressionengine 2.7.3
Ellislab Expressionengine 2.7.2
Ellislab Expressionengine 2.7.1
Expressionengine Expressionengine 2.2.1
Expressionengine Expressionengine 2.2.0
Expressionengine Expressionengine 2.1.5
Expressionengine Expressionengine 2.1.4
Expressionengine Expressionengine
Ellislab Expressionengine 2.6.1
Ellislab Expressionengine 2.5.5
Ellislab Expressionengine 2.3.1
Expressionengine Expressionengine 2.2.2
Expressionengine Expressionengine 2.1.3