Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms exponent cms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-5879
An issue exists in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulne...
Exponentcms Exponent Cms 2.4.1
9.8
CVSSv3
CVE-2016-2242
Exponent CMS 2.x prior to 2.3.7 Patch 3 allows remote malicious users to execute arbitrary code via the sc parameter to install/index.php.
Exponentcms Exponent Cms 2.0.8
Exponentcms Exponent Cms 2.0.4
Exponentcms Exponent Cms 2.3.0
Exponentcms Exponent Cms 2.1.0
Exponentcms Exponent Cms 2.2.3
Exponentcms Exponent Cms 2.3.3
Exponentcms Exponent Cms 2.0.0
Exponentcms Exponent Cms 2.3.4
Exponentcms Exponent Cms 2.2.0
Exponentcms Exponent Cms 2.1.3
Exponentcms Exponent Cms 2.3.8
Exponentcms Exponent Cms 2.1.4
Exponentcms Exponent Cms 2.3.1
Exponentcms Exponent Cms 2.0.6
Exponentcms Exponent Cms 2.0.5
Exponentcms Exponent Cms 2.2.2
Exponentcms Exponent Cms 2.3.7
Exponentcms Exponent Cms 2.1.1
Exponentcms Exponent Cms 2.0.3
Exponentcms Exponent Cms 2.3.5
Exponentcms Exponent Cms 2.2.1
Exponentcms Exponent Cms 2.3.2
6.1
CVSSv3
CVE-2015-8667
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS prior to 2.3.5 allows remote malicious users to inject arbitrary web script or HTML via the Username/Email.
Exponentcms Exponent Cms
6.1
CVSSv3
CVE-2015-8684
Exponent CMS prior to 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote malicious users to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension...
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-7790
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.
Exponentcms Exponent Cms 2.3.9
9.8
CVSSv3
CVE-2016-7791
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads t...
Exponentcms Exponent Cms 2.3.9
9.8
CVSSv3
CVE-2016-9481
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' use...
Exponentcms Exponent Cms 2.4.0
9.8
CVSSv3
CVE-2016-9287
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL i...
Exponentcms Exponent Cms 2.4.0
9.8
CVSSv3
CVE-2016-9288
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /n...
Exponentcms Exponent Cms
7.5
CVSSv3
CVE-2016-9283
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote malicious users to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.
Exponentcms Exponent Cms 2.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »