Vulnerabilities > Exponentcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-11-11 CVE-2016-9283 SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.
network
low complexity
exponentcms CWE-89
5.0
2016-11-11 CVE-2016-9282 SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.
network
low complexity
exponentcms CWE-89
5.0
2016-11-11 CVE-2016-9272 SQL Injection vulnerability in Exponentcms Exponent CMS
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
network
low complexity
exponentcms CWE-89
6.4
2016-11-07 CVE-2016-9242 SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.
network
low complexity
exponentcms CWE-89
6.5
2016-11-04 CVE-2016-9184 Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection.
network
low complexity
exponentcms CWE-200
5.0
2016-11-04 CVE-2016-9183 Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql.
network
low complexity
exponentcms CWE-200
5.0
2016-11-04 CVE-2016-9182 Improper Access Control vulnerability in Exponentcms Exponent CMS 2.4.0
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission.
network
low complexity
exponentcms CWE-284
5.0
2016-11-03 CVE-2016-9135 Information Exposure vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter.
network
low complexity
exponentcms CWE-200
5.0
2016-11-03 CVE-2016-9134 Information Exposure vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter.
network
low complexity
exponentcms CWE-200
5.0
2016-11-03 CVE-2016-7452 Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
network
low complexity
exponentcms CWE-434
5.0