Vulnerabilities > Exponentcms > Exponent CMS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-17 | CVE-2021-32441 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.6.0 SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class. | 7.5 |
| 2022-02-09 | CVE-2022-23047 | Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.6.0 Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site" | 4.8 |
| 2022-02-09 | CVE-2022-23048 | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS 2.6.0 Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. | 7.2 |
| 2022-02-09 | CVE-2022-23049 | Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.6.0 Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. | 5.4 |
| 2020-12-31 | CVE-2016-9026 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in fileController.php. | 9.8 |
| 2020-12-31 | CVE-2016-9025 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php. | 9.8 |
| 2020-12-31 | CVE-2016-9023 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. | 9.8 |
| 2020-12-31 | CVE-2016-9022 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in usersController.php. | 9.8 |
| 2020-12-31 | CVE-2016-9021 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in storeController.php. | 9.8 |
| 2019-05-24 | CVE-2016-8900 | Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags. | 9.8 |