Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms exponentcms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-9020
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the version parameter.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9021
Exponent CMS prior to 2.6.0 has improper input validation in storeController.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9022
Exponent CMS prior to 2.6.0 has improper input validation in usersController.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9023
Exponent CMS prior to 2.6.0 has improper input validation in cron/find_help.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9025
Exponent CMS prior to 2.6.0 has improper input validation in purchaseOrderController.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9026
Exponent CMS prior to 2.6.0 has improper input validation in fileController.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9087
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the fileid parameter.
Exponentcms Exponent Cms
6.1
CVSSv3
CVE-2017-8085
In Exponent CMS prior to 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-7400
Multiple SQL injection vulnerabilities in Exponent CMS prior to 2.4.0 allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id ...
Exponentcms Exponent Cms
1 EDB exploit
9.8
CVSSv3
CVE-2016-7453
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
Exponentcms Exponent Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »