Vulnerabilities > Exponentcms > Exponent CMS > 2.3.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-04 | CVE-2017-18213 | Unspecified vulnerability in Exponentcms Exponent CMS In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | 6.5 |
| 2017-04-22 | CVE-2017-7991 | SQL Injection vulnerability in Exponentcms Exponent CMS Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | 7.5 |
| 2017-03-07 | CVE-2016-9087 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. | 7.5 |
| 2017-03-07 | CVE-2016-9020 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | 7.5 |
| 2017-03-07 | CVE-2016-9019 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. | 7.5 |
| 2017-03-07 | CVE-2016-7789 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | 7.5 |
| 2017-03-07 | CVE-2016-7788 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
| 2017-03-07 | CVE-2016-7784 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. | 7.5 |
| 2017-03-07 | CVE-2016-7783 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | 7.5 |
| 2017-03-07 | CVE-2016-7782 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | 7.5 |