Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exponentcms exponent cms 2.6.0 vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2022-23047
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/confi...
Exponentcms Exponent Cms 2.6.0
6.5
CVSSv2
CVE-2022-23048
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execu...
Exponentcms Exponent Cms 2.6.0
3.5
CVSSv2
CVE-2022-23049
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an malicious user to com...
Exponentcms Exponent Cms 2.6.0
7.5
CVSSv2
CVE-2016-9021
Exponent CMS prior to 2.6.0 has improper input validation in storeController.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9022
Exponent CMS prior to 2.6.0 has improper input validation in usersController.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9025
Exponent CMS prior to 2.6.0 has improper input validation in purchaseOrderController.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9026
Exponent CMS prior to 2.6.0 has improper input validation in fileController.php.
Exponentcms Exponent Cms
7.5
CVSSv2
CVE-2016-9023
Exponent CMS prior to 2.6.0 has improper input validation in cron/find_help.php.
Exponentcms Exponent Cms
NA
CVE-2021-32441
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows malicious users to gain access to sensitive information via the selectValue function in the expConfig class.
Exponentcms Exponent Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started