Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms exponent cms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-7400
Multiple SQL injection vulnerabilities in Exponent CMS prior to 2.4.0 allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id ...
Exponentcms Exponent Cms
1 EDB exploit
9.8
CVSSv3
CVE-2016-7453
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9019
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the is_what parameter.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9020
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the version parameter.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9021
Exponent CMS prior to 2.6.0 has improper input validation in storeController.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9022
Exponent CMS prior to 2.6.0 has improper input validation in usersController.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9023
Exponent CMS prior to 2.6.0 has improper input validation in cron/find_help.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9025
Exponent CMS prior to 2.6.0 has improper input validation in purchaseOrderController.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9026
Exponent CMS prior to 2.6.0 has improper input validation in fileController.php.
Exponentcms Exponent Cms
NA
CVE-2013-3295
Directory traversal vulnerability in install/popup.php in Exponent CMS prior to 2.2.0 RC1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Exponentcms Exponent Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »