Vulnerabilities (CVE)

Filtered by vendor Exponentcms Subscribe
Total 60 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-23049 1 Exponentcms 1 Exponent Cms 2024-11-21 3.5 LOW 5.4 MEDIUM
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session.
CVE-2022-23048 1 Exponentcms 1 Exponent Cms 2024-11-21 6.5 MEDIUM 7.2 HIGH
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands.
CVE-2022-23047 1 Exponentcms 1 Exponent Cms 2024-11-21 3.5 LOW 4.8 MEDIUM
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site"
CVE-2021-38751 1 Exponentcms 1 Exponentcms 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.
CVE-2021-32441 1 Exponentcms 1 Exponent Cms 2024-11-21 N/A 7.5 HIGH
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
CVE-2017-8085 1 Exponentcms 1 Exponent Cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
CVE-2017-7991 1 Exponentcms 1 Exponent Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
CVE-2017-5879 1 Exponentcms 1 Exponent Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src.
CVE-2017-18213 1 Exponentcms 1 Exponent Cms 2024-11-21 6.5 MEDIUM 7.2 HIGH
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
CVE-2016-9481 1 Exponentcms 1 Exponent Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.
CVE-2016-9288 1 Exponentcms 1 Exponent Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.
CVE-2016-9287 1 Exponentcms 1 Exponent Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.
CVE-2016-9286 1 Exponentcms 1 Exponent Cms 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.
CVE-2016-9285 1 Exponentcms 1 Exponent Cms 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.
CVE-2016-9284 1 Exponentcms 1 Exponent Cms 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.
CVE-2016-9283 1 Exponentcms 1 Exponent Cms 2024-11-21 5.0 MEDIUM 7.5 HIGH
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.
CVE-2016-9282 1 Exponentcms 1 Exponent Cms 2024-11-21 5.0 MEDIUM 7.5 HIGH
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.
CVE-2016-9272 1 Exponentcms 1 Exponent Cms 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
CVE-2016-9242 1 Exponentcms 1 Exponent Cms 2024-11-21 6.5 MEDIUM 8.8 HIGH
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.
CVE-2016-9184 1 Exponentcms 1 Exponent Cms 2024-11-21 5.0 MEDIUM 7.5 HIGH
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.