Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms exponent cms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-8684
Exponent CMS prior to 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote malicious users to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension...
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-7781
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the author parameter.
Exponentcms Exponent Cms
4.3
CVSSv2
CVE-2015-1177
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.
Exponentcms Exponent Cms 2.3.2
7.5
CVSSv2
CVE-2016-7565
install/index.php in Exponent CMS 2.3.9 allows remote malicious users to execute arbitrary commands via shell metacharacters in the sc array parameter.
Exponentcms Exponent Cms 2.3.9
7.5
CVSSv2
CVE-2016-7790
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.
Exponentcms Exponent Cms 2.3.9
5
CVSSv2
CVE-2016-9135
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.
Exponentcms Exponent Cms 2.3.9
5
CVSSv2
CVE-2016-9182
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can us...
Exponentcms Exponent Cms 2.4.0
5
CVSSv2
CVE-2016-9183
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed e...
Exponentcms Exponent Cms 2.4.0
5
CVSSv2
CVE-2016-9184
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQ...
Exponentcms Exponent Cms 2.4.0
5
CVSSv2
CVE-2016-9282
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote malicious users to read database information via action=search&module=search with the search_string parameter.
Exponentcms Exponent Cms 2.4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »