Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms exponentcms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2013-3295
Directory traversal vulnerability in install/popup.php in Exponent CMS prior to 2.2.0 RC1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-7788
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the username parameter.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-7789
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the apikey parameter.
Exponentcms Exponent Cms
4.3
CVSSv2
CVE-2015-8667
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS prior to 2.3.5 allows remote malicious users to inject arbitrary web script or HTML via the Username/Email.
Exponentcms Exponent Cms
4.3
CVSSv2
CVE-2015-8684
Exponent CMS prior to 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote malicious users to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension...
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-7780
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the version parameter.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-7781
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the author parameter.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-7782
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the src parameter.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-7783
SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the title parameter.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-7784
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the section parameter.
Exponentcms Exponent Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »