Vulnerabilities > Exponentcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-03 | CVE-2016-9135 | Information Exposure vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. | 5.0 |
| 2016-11-03 | CVE-2016-9134 | Information Exposure vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. | 5.0 |
| 2016-11-03 | CVE-2016-7453 | SQL Injection vulnerability in Exponentcms Exponent CMS The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. | 7.5 |
| 2016-11-03 | CVE-2016-7452 | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | 5.0 |
| 2016-11-03 | CVE-2016-7095 | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | 7.5 |
| 2015-02-19 | CVE-2014-8690 | Cross-site Scripting vulnerability in Exponentcms Exponent CMS Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) "First Name" or (4) "Last Name" field to users/edituser. | 4.3 |
| 2014-12-30 | CVE-2013-3295 | Path Traversal vulnerability in Exponentcms Exponent CMS Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2014-10-26 | CVE-2014-6635 | Cross-Site Scripting vulnerability in Exponentcms Exponent CMS 2.3.0 Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php. | 4.3 |
| 2014-02-11 | CVE-2013-3294 | SQL Injection vulnerability in Exponentcms Exponent CMS Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php. | 7.5 |
| 2011-11-01 | CVE-2010-5002 | Cross-Site Scripting vulnerability in Exponentcms Exponent CMS 0.97.0 Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter. | 4.3 |