Vulnerabilities > Exponentcms > Exponent CMS > 2.3.1

DATE CVE VULNERABILITY TITLE RISK
2020-12-31 CVE-2016-9026 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9025 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9023 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9022 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9021 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2018-03-07 CVE-2016-7443 Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS
Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."
network
low complexity
exponentcms CWE-434
critical
 9.8
9.8
2018-03-04 CVE-2017-18213 Unspecified vulnerability in Exponentcms Exponent CMS
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
network
low complexity
exponentcms
7.2
7.2
2017-04-24 CVE-2017-8085 Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.3.0/2.3.1
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
network
low complexity
exponentcms CWE-79
6.1
6.1
2017-04-22 CVE-2017-7991 SQL Injection vulnerability in Exponentcms Exponent CMS
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8
2017-03-07 CVE-2016-9087 SQL Injection vulnerability in Exponentcms Exponent CMS
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8