Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-7452
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-7453
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
Exponentcms Exponent Cms
NA
CVE-2021-32441
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows malicious users to gain access to sensitive information via the selectValue function in the expConfig class.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2017-7991
Exponent CMS 2.4.1 and previous versions has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9019
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the is_what parameter.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9021
Exponent CMS prior to 2.6.0 has improper input validation in storeController.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9022
Exponent CMS prior to 2.6.0 has improper input validation in usersController.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9023
Exponent CMS prior to 2.6.0 has improper input validation in cron/find_help.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9025
Exponent CMS prior to 2.6.0 has improper input validation in purchaseOrderController.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9087
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the fileid parameter.
Exponentcms Exponent Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »