Vulnerabilities > Exponentcms

DATE	CVE	VULNERABILITY TITLE	RISK
2016-11-03	CVE-2016-9135	SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. network low complexity exponentcms CWE-89	7.5
2016-11-03	CVE-2016-9134	SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. network low complexity exponentcms CWE-89	7.5
2016-11-03	CVE-2016-7453	SQL Injection vulnerability in Exponentcms Exponent CMS The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. network low complexity exponentcms CWE-89 critical	9.8
2016-11-03	CVE-2016-7452	Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. network low complexity exponentcms CWE-434	7.5
2016-11-03	CVE-2016-7095	Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. network low complexity exponentcms CWE-434 critical	9.8

Vulnerabilities > Exponentcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Exponentcms"}]}