Exponentcms

exponentcms

60 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (60)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-9286 1Exponentcms 1Exponent Cms May 6, 2026 Nov 11, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an add...Show more framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.Show less
CVE-2016-9285 1Exponentcms 1Exponent Cms May 6, 2026 Nov 11, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addre...Show more framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.Show less
CVE-2016-9284 1Exponentcms 1Exponent Cms May 6, 2026 Nov 11, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.
CVE-2016-9283 1Exponentcms 1Exponent Cms May 6, 2026 Nov 11, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.
CVE-2016-9282 1Exponentcms 1Exponent Cms May 6, 2026 Nov 11, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.
CVE-2016-9272 1Exponentcms 1Exponent Cms May 6, 2026 Nov 11, 2016 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
CVE-2016-9242 1Exponentcms 1Exponent Cms May 6, 2026 Nov 7, 2016 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (...Show more Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.Show less
CVE-2016-9184 1Exponentcms 1Exponent Cms May 6, 2026 Nov 4, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a...Show more In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.Show less
CVE-2016-9183 1Exponentcms 1Exponent Cms May 6, 2026 Nov 4, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method...Show more In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sanitizes user input if there are odd numbers of ' or " characters. Impact is Information Disclosure.Show less
CVE-2016-9182 1Exponentcms 1Exponent Cms May 6, 2026 Nov 4, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits un...Show more Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controller=expHTMLEditor&action=preview&editor=ckeditor and controller=expHTMLEditor&action=Preview&editor=ckeditor. An anonymous user will be rejected for the former but can access the latter.Show less
CVE-2016-9135 1Exponentcms 1Exponent Cms May 6, 2026 Nov 3, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.
CVE-2016-9134 1Exponentcms 1Exponent Cms May 6, 2026 Nov 3, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure.
CVE-2016-7453 1Exponentcms 1Exponent Cms May 6, 2026 Nov 3, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
CVE-2016-7452 1Exponentcms 1Exponent Cms May 6, 2026 Nov 3, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
CVE-2016-7095 1Exponentcms 1Exponent Cms May 6, 2026 Nov 3, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.
CVE-2014-8690 1Exponentcms 1Exponent Cms May 6, 2026 Feb 19, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (...Show more Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) "First Name" or (4) "Last Name" field to users/edituser.Show less
CVE-2013-3295 1Exponentcms 1Exponent Cms May 6, 2026 Dec 30, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2014-6635 1Exponentcms 1Exponent Cms May 6, 2026 Oct 26, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php.
CVE-2013-3294 1Exponentcms 1Exponent Cms Apr 29, 2026 Feb 11, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
CVE-2010-5002 1Exponentcms 1Exponent Cms Apr 29, 2026 Nov 1, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter.

Previous 1 23