Vulnerabilities > Exponentcms > Exponent CMS > 2.3.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-07 | CVE-2016-7781 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter. | 7.5 |
| 2017-03-07 | CVE-2016-7780 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | 7.5 |
| 2017-02-13 | CVE-2016-7565 | Improper Access Control vulnerability in Exponentcms Exponent CMS 2.3.9 install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. | 7.5 |
| 2017-02-07 | CVE-2016-7400 | SQL Injection vulnerability in Exponentcms Exponent CMS Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action. | 7.5 |
| 2017-01-12 | CVE-2016-7791 | Improper Input Validation vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. | 7.5 |
| 2017-01-12 | CVE-2016-7790 | Improper Input Validation vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. | 7.5 |
| 2016-11-11 | CVE-2016-9288 | SQL Injection vulnerability in Exponentcms Exponent CMS In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. | 7.5 |
| 2016-11-11 | CVE-2016-9272 | SQL Injection vulnerability in Exponentcms Exponent CMS A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | 6.4 |
| 2016-11-03 | CVE-2016-9135 | Information Exposure vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. | 5.0 |
| 2016-11-03 | CVE-2016-9134 | Information Exposure vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. | 5.0 |