Vulnerabilities > Exponentcms > Exponent CMS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-24 | CVE-2016-8898 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php. | 7.5 |
| 2019-05-23 | CVE-2016-8899 | Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats. | 7.5 |
| 2019-05-23 | CVE-2016-8897 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php. | 7.5 |
| 2018-03-07 | CVE-2016-7443 | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." | 7.5 |
| 2018-03-04 | CVE-2017-18213 | Unspecified vulnerability in Exponentcms Exponent CMS In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | 6.5 |
| 2017-08-28 | CVE-2015-1177 | Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.3.2 Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. | 4.3 |
| 2017-04-24 | CVE-2017-8085 | Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.3.0/2.3.1 In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. | 4.3 |
| 2017-04-22 | CVE-2017-7991 | SQL Injection vulnerability in Exponentcms Exponent CMS Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | 7.5 |
| 2017-03-07 | CVE-2016-9087 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. | 7.5 |
| 2017-03-07 | CVE-2016-9020 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | 7.5 |