Exponent CMS
by Exponent
Source repositories
CVEs (79)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9285 | Med | 0.35 | 5.3 | 0.01 | Nov 11, 2016 | framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue. | ||
| CVE-2016-9284 | Med | 0.35 | 5.3 | 0.01 | Nov 11, 2016 | getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. | ||
| CVE-2006-4963 | 0.04 | — | 0.07 | Sep 23, 2006 | Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code… | |||
| CVE-2014-8690 | 0.03 | — | 0.04 | Feb 19, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to… | |||
| CVE-2013-3294 | 0.03 | — | 0.02 | Feb 11, 2014 | Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php. | |||
| CVE-2010-5002 | 0.03 | — | 0.02 | Nov 1, 2011 | Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter. | |||
| CVE-2007-2337 | 0.03 | — | 0.02 | Apr 27, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url… | |||
| CVE-2007-2252 | 0.03 | — | 0.03 | Apr 25, 2007 | Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter. | |||
| CVE-2021-38751 | 0.01 | — | 0.02 | Aug 16, 2021 | A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM. | |||
| CVE-2021-32441 | 0.00 | — | 0.01 | Feb 17, 2023 | SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class. | |||
| CVE-2022-23049 | 0.00 | — | 0.03 | Feb 9, 2022 | Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator… | |||
| CVE-2022-23048 | 0.00 | — | 0.02 | Feb 9, 2022 | Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute… | |||
| CVE-2022-23047 | 0.00 | — | 0.03 | Feb 9, 2022 | Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site" | |||
| CVE-2016-9023 | 0.00 | — | 0.01 | Dec 31, 2020 | Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. | |||
| CVE-2016-9025 | 0.00 | — | 0.01 | Dec 31, 2020 | Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php. | |||
| CVE-2016-9022 | 0.00 | — | 0.01 | Dec 31, 2020 | Exponent CMS before 2.6.0 has improper input validation in usersController.php. | |||
| CVE-2016-9021 | 0.00 | — | 0.01 | Dec 31, 2020 | Exponent CMS before 2.6.0 has improper input validation in storeController.php. | |||
| CVE-2016-8898 | 0.00 | — | 0.02 | May 24, 2019 | Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php. | |||
| CVE-2016-8900 | 0.00 | — | 0.02 | May 24, 2019 | Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags. | |||
| CVE-2016-8897 | 0.00 | — | 0.02 | May 23, 2019 | Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php. |
- risk 0.35cvss 5.3epss 0.01
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.
- risk 0.35cvss 5.3epss 0.01
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.
- CVE-2006-4963Sep 23, 2006risk 0.04cvss —epss 0.07
Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code…
- CVE-2014-8690Feb 19, 2015risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to…
- CVE-2013-3294Feb 11, 2014risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
- CVE-2010-5002Nov 1, 2011risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter.
- CVE-2007-2337Apr 27, 2007risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url…
- CVE-2007-2252Apr 25, 2007risk 0.03cvss —epss 0.03
Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.
- CVE-2021-38751Aug 16, 2021risk 0.01cvss —epss 0.02
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.
- CVE-2021-32441Feb 17, 2023risk 0.00cvss —epss 0.01
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
- CVE-2022-23049Feb 9, 2022risk 0.00cvss —epss 0.03
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator…
- CVE-2022-23048Feb 9, 2022risk 0.00cvss —epss 0.02
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute…
- CVE-2022-23047Feb 9, 2022risk 0.00cvss —epss 0.03
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site"
- CVE-2016-9023Dec 31, 2020risk 0.00cvss —epss 0.01
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
- CVE-2016-9025Dec 31, 2020risk 0.00cvss —epss 0.01
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
- CVE-2016-9022Dec 31, 2020risk 0.00cvss —epss 0.01
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
- CVE-2016-9021Dec 31, 2020risk 0.00cvss —epss 0.01
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
- CVE-2016-8898May 24, 2019risk 0.00cvss —epss 0.02
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
- CVE-2016-8900May 24, 2019risk 0.00cvss —epss 0.02
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
- CVE-2016-8897May 23, 2019risk 0.00cvss —epss 0.02
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
Page 3 of 4