Vulnerabilities > Expressionengine > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-09 | CVE-2023-22953 | Unspecified vulnerability in Expressionengine In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. | 8.8 |
| 2022-02-18 | CVE-2020-8242 | SQL Injection vulnerability in Expressionengine Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. | 7.2 |
| 2021-03-15 | CVE-2021-27230 | Code Injection vulnerability in Expressionengine ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory. | 8.8 |
| 2020-06-24 | CVE-2020-13443 | Unrestricted Upload of File with Dangerous Type vulnerability in Expressionengine ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. | 8.8 |
| 2017-06-22 | CVE-2017-0897 | Insufficient Entropy vulnerability in Expressionengine ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. | 7.5 |