Vulnerabilities > Exponentcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-07 | CVE-2016-9020 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | 7.5 |
| 2017-03-07 | CVE-2016-9019 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. | 7.5 |
| 2017-03-07 | CVE-2016-7789 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | 7.5 |
| 2017-03-07 | CVE-2016-7788 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
| 2017-03-07 | CVE-2016-7784 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. | 7.5 |
| 2017-03-07 | CVE-2016-7783 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | 7.5 |
| 2017-03-07 | CVE-2016-7782 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | 7.5 |
| 2017-03-07 | CVE-2016-7781 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter. | 7.5 |
| 2017-03-07 | CVE-2016-7780 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | 7.5 |
| 2017-02-13 | CVE-2016-7565 | Improper Access Control vulnerability in Exponentcms Exponent CMS 2.3.9 install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. | 7.5 |