Vulmon
expressionengine expressionengine vulnerabilities and exploits
9.8
CVSSv3
CVE-2024-0738
A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely...
Garethhk Mldong 1.0
9.8
CVSSv3
CVE-2021-33199
In Expression Engine prior to 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.
Expressionengine Expressionengine
8.8
CVSSv3
CVE-2023-22953
In ExpressionEngine prior to 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.
Expressionengine Expressionengine
8.8
CVSSv3
CVE-2021-27230
ExpressionEngine prior to 5.4.2 and 6.x prior to 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.
Expressionengine Expressionengine
8.8
CVSSv3
CVE-2020-13443
ExpressionEngine prior to 5.3.2 allows remote malicious users to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type chec...
Expressionengine Expressionengine
7.5
CVSSv3
CVE-2017-0897
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.
Expressionengine Expressionengine 2.2.1
Expressionengine Expressionengine 3.4.7
Expressionengine Expressionengine 3.5.4
Expressionengine Expressionengine 2.8.1
Expressionengine Expressionengine 2.9.1
Expressionengine Expressionengine 3.3.1
Expressionengine Expressionengine 3.3.2
Expressionengine Expressionengine 2.10.3
Expressionengine Expressionengine 2.10.1
Expressionengine Expressionengine 3.0.2
Expressionengine Expressionengine 3.4.2
Expressionengine Expressionengine 2.11.0
Expressionengine Expressionengine 2.6.1
Expressionengine Expressionengine 2.10.0
Expressionengine Expressionengine 3.5.0
Expressionengine Expressionengine 2.1.4
Expressionengine Expressionengine 2.5.3
Expressionengine Expressionengine 3.2.1
Expressionengine Expressionengine 3.0.6
Expressionengine Expressionengine 2.2.2
Expressionengine Expressionengine 2.9.3
Expressionengine Expressionengine 2.1.5
7.2
CVSSv3
CVE-2020-8242
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.
Expressionengine Expressionengine
6.1
CVSSv3
CVE-2018-17874
ExpressionEngine prior to 4.3.5 has reflected XSS.
Expressionengine Expressionengine
5.4
CVSSv3
CVE-2017-1000160
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection.
Expressionengine Expressionengine 3.4.2
NA
CVE-2014-5387
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine prior to 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module...
Expressionengine Expressionengine 2.2.1
Ellislab Expressionengine 2.3.1
Ellislab Expressionengine 2.0.1
Ellislab Expressionengine 2.0.2
Expressionengine Expressionengine 2.1.4
Expressionengine Expressionengine 2.5.3
Expressionengine Expressionengine 2.2.2
Expressionengine Expressionengine 2.1.5
Expressionengine Expressionengine 2.5.2
Ellislab Expressionengine 2.6.1
Expressionengine Expressionengine 2.3.0
Expressionengine Expressionengine 2.1.1
Expressionengine Expressionengine 2.8.0
Ellislab Expressionengine 2.5.5
Ellislab Expressionengine 2.8.1
Ellislab Expressionengine 2.7.1
Expressionengine Expressionengine 2.2.0
Expressionengine Expressionengine 2.4.0
Ellislab Expressionengine 2.0.0
Ellislab Expressionengine 2.7.2
Expressionengine Expressionengine 2.1.2
Expressionengine Expressionengine 2.5.1