Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2016-9023
Exponent CMS prior to 2.6.0 has improper input validation in cron/find_help.php.
Exponentcms Exponent Cms
668
VMScore
CVE-2016-9025
Exponent CMS prior to 2.6.0 has improper input validation in purchaseOrderController.php.
Exponentcms Exponent Cms
668
VMScore
CVE-2016-9026
Exponent CMS prior to 2.6.0 has improper input validation in fileController.php.
Exponentcms Exponent Cms
312
VMScore
CVE-2022-23047
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/confi...
Exponentcms Exponent Cms 2.6.0
580
VMScore
CVE-2022-23048
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execu...
Exponentcms Exponent Cms 2.6.0
312
VMScore
CVE-2022-23049
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an malicious user to com...
Exponentcms Exponent Cms 2.6.0
668
VMScore
CVE-2017-5879
An issue exists in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulne...
Exponentcms Exponent Cms 2.4.1
383
VMScore
CVE-2014-6635
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote malicious users to inject arbitrary web script or HTML via the src parameter in the search action to index.php.
Exponentcms Exponent Cms 2.3.0
668
VMScore
CVE-2016-8897
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
Exponentcms Exponent Cms 2.3.9
668
VMScore
CVE-2016-8898
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
Exponentcms Exponent Cms 2.3.9
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »