Vulnerabilities > Expressionengine > Expressionengine > 5.3.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-09 | CVE-2023-22953 | Unspecified vulnerability in Expressionengine In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. | 8.8 |
2022-02-18 | CVE-2020-8242 | SQL Injection vulnerability in Expressionengine Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. | 6.5 |
2021-08-12 | CVE-2021-33199 | Improper Input Validation vulnerability in Expressionengine In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. | 7.5 |
2021-03-15 | CVE-2021-27230 | Code Injection vulnerability in Expressionengine ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory. | 6.5 |