Exponent Cms

exponent_cms

Vendor: Exponentcms • 59 CVEs

CVEs (59)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-9019 1Exponentcms 1Exponent Cms May 13, 2026 Mar 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands...Show more SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.Show less
CVE-2016-7789 1Exponentcms 1Exponent Cms May 13, 2026 Mar 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter.
CVE-2016-7788 1Exponentcms 1Exponent Cms May 13, 2026 Mar 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2016-7784 1Exponentcms 1Exponent Cms May 13, 2026 Mar 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
CVE-2016-7783 1Exponentcms 1Exponent Cms May 13, 2026 Mar 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2016-7782 1Exponentcms 1Exponent Cms May 13, 2026 Mar 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter.
CVE-2016-7781 1Exponentcms 1Exponent Cms May 13, 2026 Mar 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter.
CVE-2016-7780 1Exponentcms 1Exponent Cms May 13, 2026 Mar 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
CVE-2016-7565 1Exponentcms 1Exponent Cms May 13, 2026 Feb 13, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter.
CVE-2016-7400 1Exponentcms 1Exponent Cms May 13, 2026 Feb 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter...Show more Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action.Show less
CVE-2017-5879 1Exponentcms 1Exponent Cms May 13, 2026 Feb 6, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server,...Show more An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src.Show less
CVE-2016-2242 1Exponentcms 1Exponent Cms May 13, 2026 Jan 23, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.
CVE-2015-8684 1Exponentcms 1Exponent Cms May 13, 2026 Jan 18, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demo...Show more Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.Show less
CVE-2015-8667 1Exponentcms 1Exponent Cms May 13, 2026 Jan 18, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
CVE-2016-7791 1Exponentcms 1Exponent Cms May 6, 2026 Jan 12, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sa...Show more Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code execution.Show less
CVE-2016-7790 1Exponentcms 1Exponent Cms May 6, 2026 Jan 12, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which l...Show more Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.Show less
CVE-2016-9481 1Exponentcms 1Exponent Cms May 6, 2026 Nov 29, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parame...Show more In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.Show less
CVE-2016-9287 1Exponentcms 1Exponent Cms May 6, 2026 Nov 15, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the paramet...Show more In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.Show less
CVE-2016-9288 1Exponentcms 1Exponent Cms May 6, 2026 Nov 11, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injectio...Show more In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.Show less
CVE-2016-9286 1Exponentcms 1Exponent Cms May 6, 2026 Nov 11, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an add...Show more framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.Show less

Previous 123 Next