Vulnerabilities > Exponentcms

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-24	CVE-2016-8900	Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags. network low complexity exponentcms CWE-74 critical	9.8
2019-05-24	CVE-2016-8898	SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php. network low complexity exponentcms CWE-89 critical	9.8
2019-05-23	CVE-2016-8899	Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats. network low complexity exponentcms CWE-74 critical	9.8
2019-05-23	CVE-2016-8897	SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php. network low complexity exponentcms CWE-89 critical	9.8
2018-03-07	CVE-2016-7443	Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." network low complexity exponentcms CWE-434 critical	9.8
2018-03-04	CVE-2017-18213	Unspecified vulnerability in Exponentcms Exponent CMS In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. network low complexity exponentcms	7.2
2017-08-28	CVE-2015-1177	Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.3.2 Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. network low complexity exponentcms CWE-79	6.1
2017-04-24	CVE-2017-8085	Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.3.0/2.3.1 In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. network low complexity exponentcms CWE-79	6.1
2017-04-22	CVE-2017-7991	SQL Injection vulnerability in Exponentcms Exponent CMS Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. network low complexity exponentcms CWE-89 critical	9.8
2017-03-07	CVE-2016-9087	SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. network low complexity exponentcms CWE-89 critical	9.8

Vulnerabilities > Exponentcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Exponentcms"}]}

Vulnerabilities > Exponentcms