Vendor CVEs
Exponent
All CVEs
79 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7400 | Cri | 0.67 | 9.8 | 0.05 | Feb 7, 2017 | Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id… | ||
| CVE-2017-7991 | Cri | 0.64 | 9.8 | 0.02 | Apr 22, 2017 | Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | ||
| CVE-2016-9087 | Cri | 0.64 | 9.8 | 0.02 | Mar 7, 2017 | SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. | ||
| CVE-2016-9020 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | ||
| CVE-2016-9019 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. | ||
| CVE-2016-7789 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | ||
| CVE-2016-7788 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||
| CVE-2016-7784 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. | ||
| CVE-2016-7783 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | ||
| CVE-2016-7782 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | ||
| CVE-2016-7781 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter. | ||
| CVE-2016-7780 | Cri | 0.64 | 9.8 | 0.03 | Mar 7, 2017 | SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | ||
| CVE-2016-7565 | Cri | 0.64 | 9.8 | 0.02 | Feb 13, 2017 | install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. | ||
| CVE-2017-5879 | Cri | 0.64 | 9.8 | 0.02 | Feb 6, 2017 | An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile().… | ||
| CVE-2016-2242 | Cri | 0.64 | 9.8 | 0.07 | Jan 23, 2017 | Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. | ||
| CVE-2016-7791 | Cri | 0.64 | 9.8 | 0.04 | Jan 12, 2017 | Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code… | ||
| CVE-2016-7790 | Cri | 0.64 | 9.8 | 0.04 | Jan 12, 2017 | Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution. | ||
| CVE-2016-9481 | Cri | 0.64 | 9.8 | 0.02 | Nov 29, 2016 | In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL.… | ||
| CVE-2016-9287 | Cri | 0.64 | 9.8 | 0.01 | Nov 15, 2016 | In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection. | ||
| CVE-2016-9288 | Cri | 0.64 | 9.8 | 0.01 | Nov 11, 2016 | In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this:… | ||
| CVE-2016-7453 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2016 | The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. | ||
| CVE-2016-7095 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2016 | Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | ||
| CVE-2016-9272 | Cri | 0.59 | 9.1 | 0.02 | Nov 11, 2016 | A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | ||
| CVE-2016-7443 | Cri | 0.57 | 9.8 | 0.02 | Mar 7, 2018 | Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." | ||
| CVE-2016-9242 | Hig | 0.57 | 8.8 | 0.01 | Nov 7, 2016 | Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter. | ||
| CVE-2016-9283 | Hig | 0.49 | 7.5 | 0.02 | Nov 11, 2016 | SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue. | ||
| CVE-2016-9282 | Hig | 0.49 | 7.5 | 0.02 | Nov 11, 2016 | SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. | ||
| CVE-2016-9184 | Hig | 0.49 | 7.5 | 0.02 | Nov 4, 2016 | In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for… | ||
| CVE-2016-9183 | Hig | 0.49 | 7.5 | 0.02 | Nov 4, 2016 | In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed… | ||
| CVE-2016-9182 | Hig | 0.49 | 7.5 | 0.01 | Nov 4, 2016 | Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can… | ||
| CVE-2016-9135 | Hig | 0.49 | 7.5 | 0.02 | Nov 3, 2016 | Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure. | ||
| CVE-2016-9134 | Hig | 0.49 | 7.5 | 0.02 | Nov 3, 2016 | Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure. | ||
| CVE-2016-7452 | Hig | 0.49 | 7.5 | 0.02 | Nov 3, 2016 | The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | ||
| CVE-2017-18213 | Hig | 0.47 | 7.2 | 0.01 | Mar 4, 2018 | In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | ||
| CVE-2021-47931 | Med | 0.42 | 6.4 | 0.00 | May 10, 2026 | Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to… | ||
| CVE-2015-1177 | Med | 0.40 | 6.1 | 0.01 | Aug 28, 2017 | Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. | ||
| CVE-2017-8085 | Med | 0.40 | 6.1 | 0.01 | Apr 24, 2017 | In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. | ||
| CVE-2015-8684 | Med | 0.40 | 6.1 | 0.01 | Jan 18, 2017 | Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then… | ||
| CVE-2015-8667 | Med | 0.40 | 6.1 | 0.01 | Jan 18, 2017 | Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. | ||
| CVE-2016-9286 | Med | 0.35 | 5.3 | 0.01 | Nov 11, 2016 | framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI. | ||
| CVE-2016-9285 | Med | 0.35 | 5.3 | 0.01 | Nov 11, 2016 | framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue. | ||
| CVE-2016-9284 | Med | 0.35 | 5.3 | 0.01 | Nov 11, 2016 | getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. | ||
| CVE-2006-4963 | 0.04 | — | 0.07 | Sep 23, 2006 | Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code… | |||
| CVE-2014-8690 | 0.03 | — | 0.04 | Feb 19, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to… | |||
| CVE-2013-3294 | 0.03 | — | 0.02 | Feb 11, 2014 | Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php. | |||
| CVE-2010-5002 | 0.03 | — | 0.02 | Nov 1, 2011 | Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter. | |||
| CVE-2007-2337 | 0.03 | — | 0.02 | Apr 27, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url… | |||
| CVE-2007-2252 | 0.03 | — | 0.03 | Apr 25, 2007 | Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter. | |||
| CVE-2021-38751 | 0.01 | — | 0.02 | Aug 16, 2021 | A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM. | |||
| CVE-2021-32441 | 0.00 | — | 0.01 | Feb 17, 2023 | SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class. |
- risk 0.67cvss 9.8epss 0.05
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id…
- risk 0.64cvss 9.8epss 0.02
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
- risk 0.64cvss 9.8epss 0.02
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
- risk 0.64cvss 9.8epss 0.02
install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile().…
- risk 0.64cvss 9.8epss 0.07
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.
- risk 0.64cvss 9.8epss 0.04
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code…
- risk 0.64cvss 9.8epss 0.04
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL.…
- risk 0.64cvss 9.8epss 0.01
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.
- risk 0.64cvss 9.8epss 0.01
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this:…
- risk 0.64cvss 9.8epss 0.01
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
- risk 0.64cvss 9.8epss 0.02
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.
- risk 0.59cvss 9.1epss 0.02
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
- risk 0.57cvss 9.8epss 0.02
Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."
- risk 0.57cvss 8.8epss 0.01
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.
- risk 0.49cvss 7.5epss 0.02
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.
- risk 0.49cvss 7.5epss 0.02
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.
- risk 0.49cvss 7.5epss 0.02
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for…
- risk 0.49cvss 7.5epss 0.02
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed…
- risk 0.49cvss 7.5epss 0.01
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can…
- risk 0.49cvss 7.5epss 0.02
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.
- risk 0.49cvss 7.5epss 0.02
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure.
- risk 0.49cvss 7.5epss 0.02
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
- risk 0.47cvss 7.2epss 0.01
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
- risk 0.42cvss 6.4epss 0.00
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to…
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.
- risk 0.40cvss 6.1epss 0.01
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
- risk 0.40cvss 6.1epss 0.01
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then…
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
- risk 0.35cvss 5.3epss 0.01
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.
- risk 0.35cvss 5.3epss 0.01
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.
- risk 0.35cvss 5.3epss 0.01
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.
- CVE-2006-4963Sep 23, 2006risk 0.04cvss —epss 0.07
Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code…
- CVE-2014-8690Feb 19, 2015risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to…
- CVE-2013-3294Feb 11, 2014risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
- CVE-2010-5002Nov 1, 2011risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter.
- CVE-2007-2337Apr 27, 2007risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url…
- CVE-2007-2252Apr 25, 2007risk 0.03cvss —epss 0.03
Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.
- CVE-2021-38751Aug 16, 2021risk 0.01cvss —epss 0.02
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.
- CVE-2021-32441Feb 17, 2023risk 0.00cvss —epss 0.01
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
Page 1 of 2