VYPR

Vendor CVEs

Exponent

All CVEs

79 total · sorted by risk
  • CVE-2016-7400CriFeb 7, 2017
    risk 0.67cvss 9.8epss 0.05

    Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id…

  • CVE-2017-7991CriApr 22, 2017
    risk 0.64cvss 9.8epss 0.02

    Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.

  • CVE-2016-9087CriMar 7, 2017
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.

  • CVE-2016-9020CriMar 7, 2017
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.

  • CVE-2016-9019CriMar 7, 2017
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.

  • CVE-2016-7789CriMar 7, 2017
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter.

  • CVE-2016-7788CriMar 7, 2017
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

  • CVE-2016-7784CriMar 7, 2017
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.

  • CVE-2016-7783CriMar 7, 2017
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

  • CVE-2016-7782CriMar 7, 2017
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter.

  • CVE-2016-7781CriMar 7, 2017
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter.

  • CVE-2016-7780CriMar 7, 2017
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.

  • CVE-2016-7565CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.02

    install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter.

  • CVE-2017-5879CriFeb 6, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile().…

  • CVE-2016-2242CriJan 23, 2017
    risk 0.64cvss 9.8epss 0.07

    Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.

  • CVE-2016-7791CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.04

    Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code…

  • CVE-2016-7790CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.04

    Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.

  • CVE-2016-9481CriNov 29, 2016
    risk 0.64cvss 9.8epss 0.02

    In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL.…

  • CVE-2016-9287CriNov 15, 2016
    risk 0.64cvss 9.8epss 0.01

    In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.

  • CVE-2016-9288CriNov 11, 2016
    risk 0.64cvss 9.8epss 0.01

    In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this:…

  • CVE-2016-7453CriNov 3, 2016
    risk 0.64cvss 9.8epss 0.01

    The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.

  • CVE-2016-7095CriNov 3, 2016
    risk 0.64cvss 9.8epss 0.02

    Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.

  • CVE-2016-9272CriNov 11, 2016
    risk 0.59cvss 9.1epss 0.02

    A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.

  • CVE-2016-7443CriMar 7, 2018
    risk 0.57cvss 9.8epss 0.02

    Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."

  • CVE-2016-9242HigNov 7, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.

  • CVE-2016-9283HigNov 11, 2016
    risk 0.49cvss 7.5epss 0.02

    SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.

  • CVE-2016-9282HigNov 11, 2016
    risk 0.49cvss 7.5epss 0.02

    SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.

  • CVE-2016-9184HigNov 4, 2016
    risk 0.49cvss 7.5epss 0.02

    In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for…

  • CVE-2016-9183HigNov 4, 2016
    risk 0.49cvss 7.5epss 0.02

    In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed…

  • CVE-2016-9182HigNov 4, 2016
    risk 0.49cvss 7.5epss 0.01

    Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can…

  • CVE-2016-9135HigNov 3, 2016
    risk 0.49cvss 7.5epss 0.02

    Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.

  • CVE-2016-9134HigNov 3, 2016
    risk 0.49cvss 7.5epss 0.02

    Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure.

  • CVE-2016-7452HigNov 3, 2016
    risk 0.49cvss 7.5epss 0.02

    The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.

  • CVE-2017-18213HigMar 4, 2018
    risk 0.47cvss 7.2epss 0.01

    In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.

  • CVE-2021-47931MedMay 10, 2026
    risk 0.42cvss 6.4epss 0.00

    Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to…

  • CVE-2015-1177MedAug 28, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.

  • CVE-2017-8085MedApr 24, 2017
    risk 0.40cvss 6.1epss 0.01

    In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.

  • CVE-2015-8684MedJan 18, 2017
    risk 0.40cvss 6.1epss 0.01

    Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then…

  • CVE-2015-8667MedJan 18, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.

  • CVE-2016-9286MedNov 11, 2016
    risk 0.35cvss 5.3epss 0.01

    framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.

  • CVE-2016-9285MedNov 11, 2016
    risk 0.35cvss 5.3epss 0.01

    framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.

  • CVE-2016-9284MedNov 11, 2016
    risk 0.35cvss 5.3epss 0.01

    getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.

  • CVE-2006-4963Sep 23, 2006
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code…

  • CVE-2014-8690Feb 19, 2015
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to…

  • CVE-2013-3294Feb 11, 2014
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.

  • CVE-2010-5002Nov 1, 2011
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter.

  • CVE-2007-2337Apr 27, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url…

  • CVE-2007-2252Apr 25, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.

  • CVE-2021-38751Aug 16, 2021
    risk 0.01cvss epss 0.02

    A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.

  • CVE-2021-32441Feb 17, 2023
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.

Page 1 of 2