High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-07	CVE-2016-7443	Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." network low complexity exponentcms CWE-434	7.5
2017-04-22	CVE-2017-7991	SQL Injection vulnerability in Exponentcms Exponent CMS Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. network low complexity exponentcms CWE-89	7.5
2017-03-07	CVE-2016-9087	SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. network low complexity exponentcms CWE-89	7.5
2017-03-07	CVE-2016-9020	SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. network low complexity exponentcms CWE-89	7.5
2017-03-07	CVE-2016-9019	SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. network low complexity exponentcms CWE-89	7.5
2017-03-07	CVE-2016-7789	SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. network low complexity exponentcms CWE-89	7.5
2017-03-07	CVE-2016-7788	SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. network low complexity exponentcms CWE-89	7.5
2017-03-07	CVE-2016-7784	SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. network low complexity exponentcms CWE-89	7.5
2017-03-07	CVE-2016-7783	SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. network low complexity exponentcms CWE-89	7.5
2017-03-07	CVE-2016-7782	SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. network low complexity exponentcms CWE-89	7.5