Vulmon
exponentcms exponent cms vulnerabilities and exploits
5
CVSSv2
CVE-2016-7452
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-7453
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9019
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the is_what parameter.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9020
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the version parameter.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9021
Exponent CMS prior to 2.6.0 has improper input validation in storeController.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9022
Exponent CMS prior to 2.6.0 has improper input validation in usersController.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9023
Exponent CMS prior to 2.6.0 has improper input validation in cron/find_help.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9025
Exponent CMS prior to 2.6.0 has improper input validation in purchaseOrderController.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9026
Exponent CMS prior to 2.6.0 has improper input validation in fileController.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9087
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the fileid parameter.
Exponentcms Exponent Cms