Filtered by vendor Exponentcms Subscriptions
Filtered by product Exponent Cms Subscriptions
Total 59 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-7783 1 Exponentcms 1 Exponent Cms 2017-03-31 N/A
SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2016-7782 1 Exponentcms 1 Exponent Cms 2017-03-31 N/A
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter.
CVE-2016-7781 1 Exponentcms 1 Exponent Cms 2017-03-31 N/A
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter.
CVE-2016-7780 1 Exponentcms 1 Exponent Cms 2017-03-31 N/A
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
CVE-2017-5879 1 Exponentcms 1 Exponent Cms 2017-02-08 N/A
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src.
CVE-2015-8667 1 Exponentcms 1 Exponent Cms 2017-01-19 N/A
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
CVE-2015-8684 1 Exponentcms 1 Exponent Cms 2017-01-19 N/A
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.
CVE-2016-7791 1 Exponentcms 1 Exponent Cms 2017-01-13 N/A
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code execution.
CVE-2016-7790 1 Exponentcms 1 Exponent Cms 2017-01-13 N/A
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.
CVE-2016-7453 1 Exponentcms 1 Exponent Cms 2016-12-02 N/A
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
CVE-2016-9134 1 Exponentcms 1 Exponent Cms 2016-11-29 N/A
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure.
CVE-2016-9135 1 Exponentcms 1 Exponent Cms 2016-11-29 N/A
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.
CVE-2016-9184 1 Exponentcms 1 Exponent Cms 2016-11-29 N/A
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.
CVE-2016-9183 1 Exponentcms 1 Exponent Cms 2016-11-29 N/A
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sanitizes user input if there are odd numbers of ' or " characters. Impact is Information Disclosure.
CVE-2016-9182 1 Exponentcms 1 Exponent Cms 2016-11-29 N/A
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controller=expHTMLEditor&action=preview&editor=ckeditor and controller=expHTMLEditor&action=Preview&editor=ckeditor. An anonymous user will be rejected for the former but can access the latter.
CVE-2016-9272 1 Exponentcms 1 Exponent Cms 2016-11-29 N/A
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
CVE-2016-9242 1 Exponentcms 1 Exponent Cms 2016-11-29 N/A
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.
CVE-2016-9287 1 Exponentcms 1 Exponent Cms 2016-11-29 N/A
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.
CVE-2013-3295 1 Exponentcms 1 Exponent Cms 2014-12-30 N/A
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.