Vulnerabilities > Exponentcms > Exponent CMS > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-22 | CVE-2017-7991 | SQL Injection vulnerability in Exponentcms Exponent CMS Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | 9.8 |
| 2017-03-07 | CVE-2016-7780 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | 9.8 |
| 2017-03-07 | CVE-2016-7781 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter. | 9.8 |
| 2017-03-07 | CVE-2016-7782 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | 9.8 |
| 2017-03-07 | CVE-2016-7783 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | 9.8 |
| 2017-03-07 | CVE-2016-7784 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. | 9.8 |
| 2017-03-07 | CVE-2016-7788 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | 9.8 |
| 2017-03-07 | CVE-2016-7789 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | 9.8 |
| 2017-03-07 | CVE-2016-9019 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. | 9.8 |
| 2017-03-07 | CVE-2016-9020 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | 9.8 |