Vulnerabilities > Exponentcms

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2017-03-07 | CVE-2016-9020 | SQL Injection vulnerability in Exponentcms Exponent CMS | SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | network | low complexity | exponentcms | CWE-89 | critical | 9.8 |
| 2017-03-07 | CVE-2016-9019 | SQL Injection vulnerability in Exponentcms Exponent CMS | SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. | network | low complexity | exponentcms | CWE-89 | critical | 9.8 |
| 2017-03-07 | CVE-2016-7789 | SQL Injection vulnerability in Exponentcms Exponent CMS | SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | network | low complexity | exponentcms | CWE-89 | critical | 9.8 |
| 2017-03-07 | CVE-2016-7788 | SQL Injection vulnerability in Exponentcms Exponent CMS | SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | network | low complexity | exponentcms | CWE-89 | critical | 9.8 |
| 2017-03-07 | CVE-2016-7784 | SQL Injection vulnerability in Exponentcms Exponent CMS | SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. | network | low complexity | exponentcms | CWE-89 | critical | 9.8 |
| 2017-03-07 | CVE-2016-7783 | SQL Injection vulnerability in Exponentcms Exponent CMS | SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | network | low complexity | exponentcms | CWE-89 | critical | 9.8 |
| 2017-03-07 | CVE-2016-7782 | SQL Injection vulnerability in Exponentcms Exponent CMS | SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | network | low complexity | exponentcms | CWE-89 | critical | 9.8 |
| 2017-03-07 | CVE-2016-7781 | SQL Injection vulnerability in Exponentcms Exponent CMS | SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter. | network | low complexity | exponentcms | CWE-89 | critical | 9.8 |
| 2017-03-07 | CVE-2016-7780 | SQL Injection vulnerability in Exponentcms Exponent CMS | SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | network | low complexity | exponentcms | CWE-89 | critical | 9.8 |
| 2017-02-13 | CVE-2016-7565 | Improper Access Control vulnerability in Exponentcms Exponent CMS 2.3.9 | install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. | network | low complexity | exponentcms | CWE-284 | critical | 9.8 |