591 matches found
EUVD-2016-8634
Malware in sbrugna...
EUVD-2022-28158
Malicious code in bioql PyPI...
EUVD-2022-28157
Malicious code in bioql PyPI...
EUVD-2022-28159
Malicious code in bioql PyPI...
CVE-2022-23048
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/rce.php" from where can be accessed in order to execute commands...
CVE-2022-23049
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...
CVE-2021-32441
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class...
CVE-2016-8897
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php...
CVE-2016-8898
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php...
CVE-2016-9023
Exponent CMS before 2.6.0 has improper input validation in cron/findhelp.php...
CVE-2016-8900
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to changetags...
CVE-2016-8899
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to changecats...
CVE-2005-3764
The image gallery imagegallery component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML...
CVE-2021-32441
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class...
CVE-2021-32441
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class...
Sql injection
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class...
CVE-2021-32441
The CVE-2021-32441 issue affects Exponent-CMS, specifically the expConfig.selectValue path in version 2.6.0. The vulnerability is a SQL Injection that can lead to disclosure of sensitive information. The public records consistently identify the fix as upgrading to version 2.7.0. There is no expli...
OIC Exponent CMS SQL注入漏洞
OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from OIC, USA. The system supports direct editing in pages and provides user management, site configuration, content editing and other functions. An SQL injection vulnerability exists in OIC Exponent CMS...
CVE-2021-32441
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class...
CVE-2021-32441
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class...