Exponent
Products
1- 79 CVEs
Recent CVEs
79| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7400 | Cri | 0.67 | 9.8 | 0.05 | Feb 7, 2017 | Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id… | ||
| CVE-2017-7991 | Cri | 0.64 | 9.8 | 0.02 | Apr 22, 2017 | Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | ||
| CVE-2016-9087 | Cri | 0.64 | 9.8 | 0.02 | Mar 7, 2017 | SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. | ||
| CVE-2016-9020 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | ||
| CVE-2016-9019 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. | ||
| CVE-2016-7789 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | ||
| CVE-2016-7788 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||
| CVE-2016-7784 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. | ||
| CVE-2016-7783 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | ||
| CVE-2016-7782 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | ||
| CVE-2016-7781 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter. | ||
| CVE-2016-7780 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | ||
| CVE-2016-7565 | Cri | 0.64 | 9.8 | 0.02 | Feb 13, 2017 | install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. | ||
| CVE-2017-5879 | Cri | 0.64 | 9.8 | 0.02 | Feb 6, 2017 | An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile().… | ||
| CVE-2016-2242 | Cri | 0.64 | 9.8 | 0.07 | Jan 23, 2017 | Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. | ||
| CVE-2016-7791 | Cri | 0.64 | 9.8 | 0.04 | Jan 12, 2017 | Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code… | ||
| CVE-2016-7790 | Cri | 0.64 | 9.8 | 0.04 | Jan 12, 2017 | Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution. | ||
| CVE-2016-9481 | Cri | 0.64 | 9.8 | 0.02 | Nov 29, 2016 | In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL.… | ||
| CVE-2016-9287 | Cri | 0.64 | 9.8 | 0.01 | Nov 15, 2016 | In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection. | ||
| CVE-2016-9288 | Cri | 0.64 | 9.8 | 0.01 | Nov 11, 2016 | In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this:… |
- risk 0.67cvss 9.8epss 0.05
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id…
- risk 0.64cvss 9.8epss 0.02
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
- risk 0.64cvss 9.8epss 0.02
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
- risk 0.64cvss 9.8epss 0.02
install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile().…
- risk 0.64cvss 9.8epss 0.07
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.
- risk 0.64cvss 9.8epss 0.04
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code…
- risk 0.64cvss 9.8epss 0.04
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL.…
- risk 0.64cvss 9.8epss 0.01
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.
- risk 0.64cvss 9.8epss 0.01
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this:…