Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-7400
Multiple SQL injection vulnerabilities in Exponent CMS prior to 2.4.0 allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id ...
Exponentcms Exponent Cms
1 EDB exploit
9.8
CVSSv3
CVE-2017-5879
An issue exists in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulne...
Exponentcms Exponent Cms 2.4.1
9.8
CVSSv3
CVE-2016-2242
Exponent CMS 2.x prior to 2.3.7 Patch 3 allows remote malicious users to execute arbitrary code via the sc parameter to install/index.php.
Exponentcms Exponent Cms 2.3.5
Exponentcms Exponent Cms 2.3.1
Exponentcms Exponent Cms 2.2.1
Exponentcms Exponent Cms 2.2.0
Exponentcms Exponent Cms 2.0.9
Exponentcms Exponent Cms 2.0.5
Exponentcms Exponent Cms 2.0.4
Exponentcms Exponent Cms 2.3.3
Exponentcms Exponent Cms 2.2.3
Exponentcms Exponent Cms 2.1.3
Exponentcms Exponent Cms 2.1.2
Exponentcms Exponent Cms 2.0.7
Exponentcms Exponent Cms 2.0.6
Exponentcms Exponent Cms 2.0.2
Exponentcms Exponent Cms 2.0.1
Exponentcms Exponent Cms 2.3.7
Exponentcms Exponent Cms 2.3.2
Exponentcms Exponent Cms 2.2.2
Exponentcms Exponent Cms 2.1.1
Exponentcms Exponent Cms 2.1.0
Exponentcms Exponent Cms 2.0.0
Exponentcms Exponent Cms 2.3.8
6.1
CVSSv3
CVE-2015-8667
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS prior to 2.3.5 allows remote malicious users to inject arbitrary web script or HTML via the Username/Email.
Exponentcms Exponent Cms
6.1
CVSSv3
CVE-2015-8684
Exponent CMS prior to 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote malicious users to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension...
Exponentcms Exponent Cms
9.8
CVSSv3
CVE-2016-7790
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.
Exponentcms Exponent Cms 2.3.9
9.8
CVSSv3
CVE-2016-7791
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads t...
Exponentcms Exponent Cms 2.3.9
9.8
CVSSv3
CVE-2016-9481
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' use...
Exponentcms Exponent Cms 2.4.0
9.8
CVSSv3
CVE-2016-9287
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL i...
Exponentcms Exponent Cms 2.4.0
9.8
CVSSv3
CVE-2016-9288
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /n...
Exponentcms Exponent Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »