Vulnerabilities > Exponentcms > Exponent CMS > 2.4.1

DATE CVE VULNERABILITY TITLE RISK
2020-12-31 CVE-2016-9026 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9025 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9023 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9022 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9021 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2018-03-04 CVE-2017-18213 Unspecified vulnerability in Exponentcms Exponent CMS
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
network
low complexity
exponentcms
7.2
7.2
2017-04-22 CVE-2017-7991 SQL Injection vulnerability in Exponentcms Exponent CMS
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8
2017-02-06 CVE-2017-5879 SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.1
An issue was discovered in Exponent CMS 2.4.1.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8