Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms exponentcms vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-9286
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote malicious users to read address information, as demonstrated by an address/show/id/1 URI.
Exponentcms Exponent Cms 2.4.0
7.5
CVSSv2
CVE-2016-9481
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' use...
Exponentcms Exponent Cms 2.4.0
5
CVSSv2
CVE-2016-9135
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.
Exponentcms Exponent Cms 2.3.9
4.3
CVSSv2
CVE-2014-6635
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote malicious users to inject arbitrary web script or HTML via the src parameter in the search action to index.php.
Exponentcms Exponent Cms 2.3.0
3.5
CVSSv2
CVE-2022-23047
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/confi...
Exponentcms Exponent Cms 2.6.0
6.5
CVSSv2
CVE-2022-23048
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execu...
Exponentcms Exponent Cms 2.6.0
3.5
CVSSv2
CVE-2022-23049
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an malicious user to com...
Exponentcms Exponent Cms 2.6.0
7.5
CVSSv2
CVE-2016-8897
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
Exponentcms Exponent Cms 2.3.9
7.5
CVSSv2
CVE-2016-8898
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
Exponentcms Exponent Cms 2.3.9
7.5
CVSSv2
CVE-2016-8899
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
Exponentcms Exponent Cms 2.3.9
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »