Vulnerabilities > Exponentcms > Exponent CMS > 2.0.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-31 | CVE-2016-9026 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in fileController.php. | 7.5 |
| 2020-12-31 | CVE-2016-9025 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php. | 7.5 |
| 2020-12-31 | CVE-2016-9023 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. | 7.5 |
| 2020-12-31 | CVE-2016-9022 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in usersController.php. | 7.5 |
| 2020-12-31 | CVE-2016-9021 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in storeController.php. | 7.5 |
| 2018-03-04 | CVE-2017-18213 | Unspecified vulnerability in Exponentcms Exponent CMS In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | 6.5 |
| 2017-04-22 | CVE-2017-7991 | SQL Injection vulnerability in Exponentcms Exponent CMS Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | 7.5 |
| 2017-03-07 | CVE-2016-9087 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. | 7.5 |
| 2017-03-07 | CVE-2016-9020 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | 7.5 |
| 2017-03-07 | CVE-2016-9019 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. | 7.5 |