Exponent CMS
by Exponent
Source repositories
CVEs (79)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7453 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2016 | The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. | ||
| CVE-2016-7095 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2016 | Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | ||
| CVE-2016-9272 | Cri | 0.59 | 9.1 | 0.02 | Nov 11, 2016 | A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | ||
| CVE-2016-7443 | Cri | 0.57 | 9.8 | 0.02 | Mar 7, 2018 | Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." | ||
| CVE-2016-9242 | Hig | 0.57 | 8.8 | 0.01 | Nov 7, 2016 | Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter. | ||
| CVE-2016-9283 | Hig | 0.49 | 7.5 | 0.02 | Nov 11, 2016 | SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue. | ||
| CVE-2016-9282 | Hig | 0.49 | 7.5 | 0.02 | Nov 11, 2016 | SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. | ||
| CVE-2016-9184 | Hig | 0.49 | 7.5 | 0.02 | Nov 4, 2016 | In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for… | ||
| CVE-2016-9183 | Hig | 0.49 | 7.5 | 0.02 | Nov 4, 2016 | In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed… | ||
| CVE-2016-9182 | Hig | 0.49 | 7.5 | 0.01 | Nov 4, 2016 | Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can… | ||
| CVE-2016-9135 | Hig | 0.49 | 7.5 | 0.02 | Nov 3, 2016 | Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure. | ||
| CVE-2016-9134 | Hig | 0.49 | 7.5 | 0.02 | Nov 3, 2016 | Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure. | ||
| CVE-2016-7452 | Hig | 0.49 | 7.5 | 0.02 | Nov 3, 2016 | The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | ||
| CVE-2017-18213 | Hig | 0.47 | 7.2 | 0.01 | Mar 4, 2018 | In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | ||
| CVE-2021-47931 | Med | 0.42 | 6.4 | 0.00 | May 10, 2026 | Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to… | ||
| CVE-2015-1177 | Med | 0.40 | 6.1 | 0.01 | Aug 28, 2017 | Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. | ||
| CVE-2017-8085 | Med | 0.40 | 6.1 | 0.01 | Apr 24, 2017 | In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. | ||
| CVE-2015-8684 | Med | 0.40 | 6.1 | 0.01 | Jan 18, 2017 | Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then… | ||
| CVE-2015-8667 | Med | 0.40 | 6.1 | 0.01 | Jan 18, 2017 | Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. | ||
| CVE-2016-9286 | Med | 0.35 | 5.3 | 0.01 | Nov 11, 2016 | framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI. |
- risk 0.64cvss 9.8epss 0.01
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
- risk 0.64cvss 9.8epss 0.02
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.
- risk 0.59cvss 9.1epss 0.02
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
- risk 0.57cvss 9.8epss 0.02
Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."
- risk 0.57cvss 8.8epss 0.01
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.
- risk 0.49cvss 7.5epss 0.02
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.
- risk 0.49cvss 7.5epss 0.02
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.
- risk 0.49cvss 7.5epss 0.02
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for…
- risk 0.49cvss 7.5epss 0.02
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed…
- risk 0.49cvss 7.5epss 0.01
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can…
- risk 0.49cvss 7.5epss 0.02
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.
- risk 0.49cvss 7.5epss 0.02
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure.
- risk 0.49cvss 7.5epss 0.02
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
- risk 0.47cvss 7.2epss 0.01
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
- risk 0.42cvss 6.4epss 0.00
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to…
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.
- risk 0.40cvss 6.1epss 0.01
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
- risk 0.40cvss 6.1epss 0.01
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then…
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
- risk 0.35cvss 5.3epss 0.01
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.
Page 2 of 4