Vulnerabilities > Exponentcms > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-07 | CVE-2016-7781 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter. | 7.5 |
2017-03-07 | CVE-2016-7780 | SQL Injection vulnerability in Exponentcms Exponent CMS SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | 7.5 |
2017-02-13 | CVE-2016-7565 | Improper Access Control vulnerability in Exponentcms Exponent CMS 2.3.9 install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. | 7.5 |
2017-02-07 | CVE-2016-7400 | SQL Injection vulnerability in Exponentcms Exponent CMS Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action. | 7.5 |
2017-02-06 | CVE-2017-5879 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.1 An issue was discovered in Exponent CMS 2.4.1. | 7.5 |
2017-01-12 | CVE-2016-7791 | Improper Input Validation vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. | 7.5 |
2017-01-12 | CVE-2016-7790 | Improper Input Validation vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. | 7.5 |
2016-11-29 | CVE-2016-9481 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. | 7.5 |
2016-11-15 | CVE-2016-9287 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. | 7.5 |
2016-11-11 | CVE-2016-9288 | SQL Injection vulnerability in Exponentcms Exponent CMS In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. | 7.5 |