Vulnerabilities > Exponentcms

DATE CVE VULNERABILITY TITLE RISK
2023-02-17 CVE-2021-32441 SQL Injection vulnerability in Exponentcms Exponent CMS 2.6.0
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
network
low complexity
exponentcms CWE-89
7.5
7.5
2022-02-09 CVE-2022-23047 Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.6.0
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site"
network
low complexity
exponentcms CWE-79
4.8
4.8
2022-02-09 CVE-2022-23048 Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS 2.6.0
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it.
network
low complexity
exponentcms CWE-434
7.2
7.2
2022-02-09 CVE-2022-23049 Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.6.0
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in.
network
low complexity
exponentcms CWE-79
5.4
5.4
2021-08-16 CVE-2021-38751 Improper Encoding or Escaping of Output vulnerability in Exponentcms
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php.
network
low complexity
exponentcms CWE-116
4.3
4.3
2020-12-31 CVE-2016-9026 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9025 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9023 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9022 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9021 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8