Vulnerabilities > Exponentcms > Exponent CMS > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-12-31 CVE-2016-9021 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9022 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9023 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9025 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2020-12-31 CVE-2016-9026 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
network
low complexity
exponentcms CWE-20
critical
 9.8
9.8
2019-05-24 CVE-2016-8898 SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8
2019-05-24 CVE-2016-8900 Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
network
low complexity
exponentcms CWE-74
critical
 9.8
9.8
2019-05-23 CVE-2016-8897 SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8
2019-05-23 CVE-2016-8899 Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
network
low complexity
exponentcms CWE-74
critical
 9.8
9.8
2018-03-07 CVE-2016-7443 Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS
Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."
network
low complexity
exponentcms CWE-434
critical
 9.8
9.8