Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms exponent cms vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2016-7781
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the author parameter.
Exponentcms Exponent Cms
668
VMScore
CVE-2013-3295
Directory traversal vulnerability in install/popup.php in Exponent CMS prior to 2.2.0 RC1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Exponentcms Exponent Cms
445
VMScore
CVE-2016-9282
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote malicious users to read database information via action=search&module=search with the search_string parameter.
Exponentcms Exponent Cms 2.4.0
668
VMScore
CVE-2016-9481
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' use...
Exponentcms Exponent Cms 2.4.0
668
VMScore
CVE-2016-7791
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads t...
Exponentcms Exponent Cms 2.3.9
668
VMScore
CVE-2016-7790
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.
Exponentcms Exponent Cms 2.3.9
445
VMScore
CVE-2016-9286
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote malicious users to read address information, as demonstrated by an address/show/id/1 URI.
Exponentcms Exponent Cms 2.4.0
435
VMScore
CVE-2010-5002
Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote malicious users to inject arbitrary web script or HTML via the u parameter.
Exponentcms Exponent Cms 0.97.0
1 EDB exploit
668
VMScore
CVE-2017-5879
An issue exists in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulne...
Exponentcms Exponent Cms 2.4.1
668
VMScore
CVE-2016-8898
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
Exponentcms Exponent Cms 2.3.9
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »