Search Results (Refine Search)
- CPE Product Version: cpe:/a:exponentcms:exponent_cms:2.4.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-9026 |
Exponent CMS before 2.6.0 has improper input validation in fileController.php. Published: December 30, 2020; 10:15:12 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-9025 |
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php. Published: December 30, 2020; 10:15:12 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-9023 |
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. Published: December 30, 2020; 10:15:12 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-9022 |
Exponent CMS before 2.6.0 has improper input validation in usersController.php. Published: December 30, 2020; 10:15:12 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-9021 |
Exponent CMS before 2.6.0 has improper input validation in storeController.php. Published: December 30, 2020; 10:15:12 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-18213 |
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. Published: March 03, 2018; 9:29:02 PM -0500 |
V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2017-8085 |
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. Published: April 24, 2017; 10:59:00 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-7991 |
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. Published: April 21, 2017; 9:59:02 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-9481 |
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection. Published: November 29, 2016; 6:59:01 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-9287 |
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection. Published: November 15, 2016; 6:59:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-9288 |
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1. Published: November 11, 2016; 6:59:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-9286 |
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI. Published: November 11, 2016; 5:59:04 PM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-9285 |
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue. Published: November 11, 2016; 5:59:03 PM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-9284 |
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. Published: November 11, 2016; 5:59:02 PM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-9283 |
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue. Published: November 11, 2016; 5:59:01 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-9282 |
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. Published: November 11, 2016; 5:59:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-9272 |
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. Published: November 11, 2016; 6:59:00 AM -0500 |
V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2016-9242 |
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter. Published: November 07, 2016; 6:59:01 AM -0500 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2016-9184 |
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure. Published: November 04, 2016; 6:59:04 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-9183 |
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sanitizes user input if there are odd numbers of ' or " characters. Impact is Information Disclosure. Published: November 04, 2016; 6:59:02 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |