Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:exponentcms:exponent_cms:2.4.1:-:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-9026 |
Exponent CMS before 2.6.0 has improper input validation in fileController.php. Published: December 30, 2020; 10:15:12 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-9025 |
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php. Published: December 30, 2020; 10:15:12 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-9023 |
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. Published: December 30, 2020; 10:15:12 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-9022 |
Exponent CMS before 2.6.0 has improper input validation in usersController.php. Published: December 30, 2020; 10:15:12 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-9021 |
Exponent CMS before 2.6.0 has improper input validation in storeController.php. Published: December 30, 2020; 10:15:12 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-18213 |
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. Published: March 03, 2018; 9:29:02 PM -0500 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2017-7991 |
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. Published: April 21, 2017; 9:59:02 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-5879 |
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src. Published: February 06, 2017; 10:59:00 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |