Vulnerabilities > Exponentcms > Exponent CMS > 2.4.0

DATE CVE VULNERABILITY TITLE RISK
2020-12-31 CVE-2016-9026 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9025 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9023 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9022 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9021 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2018-03-04 CVE-2017-18213 Unspecified vulnerability in Exponentcms Exponent CMS
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
network
low complexity
exponentcms
7.2
7.2
2017-04-22 CVE-2017-7991 SQL Injection vulnerability in Exponentcms Exponent CMS
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8
2016-11-29 CVE-2016-9481 SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8
2016-11-15 CVE-2016-9287 SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8
2016-11-11 CVE-2016-9288 SQL Injection vulnerability in Exponentcms Exponent CMS
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8