Vulnerabilities > Exponentcms > Exponent CMS > 2.4.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-31 | CVE-2016-9026 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in fileController.php. | 9.8 |
2020-12-31 | CVE-2016-9025 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php. | 9.8 |
2020-12-31 | CVE-2016-9023 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. | 9.8 |
2020-12-31 | CVE-2016-9022 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in usersController.php. | 9.8 |
2020-12-31 | CVE-2016-9021 | Improper Input Validation vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.6.0 has improper input validation in storeController.php. | 9.8 |
2018-03-04 | CVE-2017-18213 | Unspecified vulnerability in Exponentcms Exponent CMS In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | 7.2 |
2017-04-22 | CVE-2017-7991 | SQL Injection vulnerability in Exponentcms Exponent CMS Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | 9.8 |
2016-11-29 | CVE-2016-9481 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. | 9.8 |
2016-11-15 | CVE-2016-9287 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. | 9.8 |
2016-11-11 | CVE-2016-9288 | SQL Injection vulnerability in Exponentcms Exponent CMS In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. | 9.8 |