Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms exponent cms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-9135
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.
Exponentcms Exponent Cms 2.3.9
7.2
CVSSv3
CVE-2022-23048
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execu...
Exponentcms Exponent Cms 2.6.0
6.1
CVSSv3
CVE-2015-1177
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.
Exponentcms Exponent Cms 2.3.2
9.8
CVSSv3
CVE-2016-7790
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.
Exponentcms Exponent Cms 2.3.9
9.8
CVSSv3
CVE-2017-5879
An issue exists in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulne...
Exponentcms Exponent Cms 2.4.1
9.8
CVSSv3
CVE-2016-7791
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads t...
Exponentcms Exponent Cms 2.3.9
4.8
CVSSv3
CVE-2022-23047
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/confi...
Exponentcms Exponent Cms 2.6.0
5.4
CVSSv3
CVE-2022-23049
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an malicious user to com...
Exponentcms Exponent Cms 2.6.0
NA
CVE-2014-6635
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote malicious users to inject arbitrary web script or HTML via the src parameter in the search action to index.php.
Exponentcms Exponent Cms 2.3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6