Vulnerabilities > Exponentcms > Exponent CMS > 2.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-31 | CVE-2016-9026 | Improper Input Validation vulnerability in Exponentcms Exponent CMS. Exponent CMS before 2.6.0 has improper input validation in fileController.php. | 9.8 |
2020-12-31 | CVE-2016-9025 | Improper Input Validation vulnerability in Exponentcms Exponent CMS. Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php. | 9.8 |
2020-12-31 | CVE-2016-9023 | Improper Input Validation vulnerability in Exponentcms Exponent CMS. Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. | 9.8 |
2020-12-31 | CVE-2016-9022 | Improper Input Validation vulnerability in Exponentcms Exponent CMS. Exponent CMS before 2.6.0 has improper input validation in usersController.php. | 9.8 |
2020-12-31 | CVE-2016-9021 | Improper Input Validation vulnerability in Exponentcms Exponent CMS. Exponent CMS before 2.6.0 has improper input validation in storeController.php. | 9.8 |
2018-03-07 | CVE-2016-7443 | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS. Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." | 9.8 |
2018-03-04 | CVE-2017-18213 | Unspecified vulnerability in Exponentcms Exponent CMS. In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | 7.2 |
2017-04-24 | CVE-2017-8085 | Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.3.0/2.3.1. In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. | 6.1 |
2017-04-22 | CVE-2017-7991 | SQL Injection vulnerability in Exponentcms Exponent CMS. Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | 9.8 |
2017-03-07 | CVE-2016-9087 | SQL Injection vulnerability in Exponentcms Exponent CMS. SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. | 9.8 |