Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
expressionengine expressionengine vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0738
A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely...
Garethhk Mldong 1.0
NA
CVE-2023-22953
In ExpressionEngine prior to 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.
Expressionengine Expressionengine
578
VMScore
CVE-2020-8242
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.
Expressionengine Expressionengine
668
VMScore
CVE-2021-33199
In Expression Engine prior to 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.
Expressionengine Expressionengine
578
VMScore
CVE-2021-27230
ExpressionEngine prior to 5.4.2 and 6.x prior to 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.
Expressionengine Expressionengine
580
VMScore
CVE-2020-13443
ExpressionEngine prior to 5.3.2 allows remote malicious users to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type chec...
Expressionengine Expressionengine
383
VMScore
CVE-2018-17874
ExpressionEngine prior to 4.3.5 has reflected XSS.
Expressionengine Expressionengine
312
VMScore
CVE-2017-1000160
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection
Expressionengine Expressionengine 3.4.2
445
VMScore
CVE-2017-0897
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.
Expressionengine Expressionengine 3.5.1
Expressionengine Expressionengine 3.4.7
Expressionengine Expressionengine 3.4.0
Expressionengine Expressionengine 3.3.3
Expressionengine Expressionengine 3.1.3
Expressionengine Expressionengine 3.1.1
Expressionengine Expressionengine 3.0.3
Expressionengine Expressionengine 3.0.1
Expressionengine Expressionengine 2.11.2
Expressionengine Expressionengine 2.11.0
Expressionengine Expressionengine 2.9.1
Expressionengine Expressionengine 2.8.1
Expressionengine Expressionengine 2.7.0
Expressionengine Expressionengine 3.4.5
Expressionengine Expressionengine 3.4.4
Expressionengine Expressionengine 3.4.3
Expressionengine Expressionengine 3.4.2
Expressionengine Expressionengine 3.1.0
Expressionengine Expressionengine 3.0.6
Expressionengine Expressionengine 3.0.5
Expressionengine Expressionengine 3.0.4
Expressionengine Expressionengine 2.10.2
578
VMScore
CVE-2014-5387
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine prior to 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module...
Ellislab Expressionengine 2..5.4
Expressionengine Expressionengine 2.5.3
Expressionengine Expressionengine 2.5.2
Expressionengine Expressionengine 2.5.1
Expressionengine Expressionengine 2.5.0
Ellislab Expressionengine 2.0.2
Ellislab Expressionengine 2.0.1
Ellislab Expressionengine 2.0.0
Expressionengine Expressionengine 2.8.0
Expressionengine Expressionengine 2.7.3
Ellislab Expressionengine 2.7.2
Ellislab Expressionengine 2.7.1
Expressionengine Expressionengine 2.2.1
Expressionengine Expressionengine 2.2.0
Expressionengine Expressionengine 2.1.5
Expressionengine Expressionengine 2.1.4
Expressionengine Expressionengine
Ellislab Expressionengine 2.6.1
Ellislab Expressionengine 2.5.5
Ellislab Expressionengine 2.3.1
Expressionengine Expressionengine 2.2.2
Expressionengine Expressionengine 2.1.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »