Vulnerabilities > Exponentcms > Exponent CMS > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-17 CVE-2021-32441 SQL Injection vulnerability in Exponentcms Exponent CMS 2.6.0
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
network
low complexity
exponentcms CWE-89
7.5
7.5
2020-12-31 CVE-2016-9026 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
network
low complexity
exponentcms CWE-20
7.5
7.5
2020-12-31 CVE-2016-9025 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
network
low complexity
exponentcms CWE-20
7.5
7.5
2020-12-31 CVE-2016-9023 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
network
low complexity
exponentcms CWE-20
7.5
7.5
2020-12-31 CVE-2016-9022 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
network
low complexity
exponentcms CWE-20
7.5
7.5
2020-12-31 CVE-2016-9021 Improper Input Validation vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
network
low complexity
exponentcms CWE-20
7.5
7.5
2019-05-24 CVE-2016-8900 Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
network
low complexity
exponentcms CWE-74
7.5
7.5
2019-05-24 CVE-2016-8898 SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
network
low complexity
exponentcms CWE-89
7.5
7.5
2019-05-23 CVE-2016-8899 Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
network
low complexity
exponentcms CWE-74
7.5
7.5
2019-05-23 CVE-2016-8897 SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
network
low complexity
exponentcms CWE-89
7.5
7.5