Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms exponentcms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-9019
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the is_what parameter.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9020
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the version parameter.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9022
Exponent CMS prior to 2.6.0 has improper input validation in usersController.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9023
Exponent CMS prior to 2.6.0 has improper input validation in cron/find_help.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-9025
Exponent CMS prior to 2.6.0 has improper input validation in purchaseOrderController.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2017-7991
Exponent CMS 2.4.1 and previous versions has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-7095
Exponent CMS prior to 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-7780
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the version parameter.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-7782
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the src parameter.
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-7784
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the section parameter.
Exponentcms Exponent Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »