Vulnerabilities > Expressionengine > Expressionengine > 6.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-09 | CVE-2023-22953 | Unspecified vulnerability in Expressionengine In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. | 8.8 |
| 2021-08-12 | CVE-2021-33199 | Improper Input Validation vulnerability in Expressionengine In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. | 7.5 |
| 2021-03-15 | CVE-2021-27230 | Code Injection vulnerability in Expressionengine ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory. | 6.5 |