Vulnerabilities > Exponentcms > Exponent CMS > 2.3.9

DATE CVE VULNERABILITY TITLE RISK
2017-03-07 CVE-2016-7781 SQL Injection vulnerability in Exponentcms Exponent CMS
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8
2017-03-07 CVE-2016-7780 SQL Injection vulnerability in Exponentcms Exponent CMS
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8
2017-02-13 CVE-2016-7565 Improper Access Control vulnerability in Exponentcms Exponent CMS 2.3.9
install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter.
network
low complexity
exponentcms CWE-284
critical
 9.8
9.8
2017-02-07 CVE-2016-7400 SQL Injection vulnerability in Exponentcms Exponent CMS
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8
2017-01-12 CVE-2016-7791 Improper Input Validation vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2017-01-12 CVE-2016-7790 Improper Input Validation vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2016-11-11 CVE-2016-9288 SQL Injection vulnerability in Exponentcms Exponent CMS
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8
2016-11-11 CVE-2016-9272 SQL Injection vulnerability in Exponentcms Exponent CMS
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
network
low complexity
exponentcms CWE-89
critical
 9.1
9.1
2016-11-03 CVE-2016-9135 SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter.
network
low complexity
exponentcms CWE-89
7.5
7.5
2016-11-03 CVE-2016-9134 SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter.
network
low complexity
exponentcms CWE-89
7.5
7.5