CVE-2016-9020
Summary of CVE-2016-9020: Exponent CMS up to version 2.3.9 contains a SQL injection in helpController.php (framework/modules/help/controllers/helpController.php) that allows an attacker to inject via the version parameter and potentially execute arbitrary SQL. Public sources (NVD/OpenVAS and...
CVE-2016-7789
Exponent CMS 2.3.9 and earlier is affected by a SQL injection in framework/core/models/expConfig.php, exploitable via the apikey parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands; the NVD entry labels it high/critical with network access and no authentication ...
CVE-2016-7784
Exponent CMS 2.3.9 and earlier is affected by a SQL injection in the getSection function (framework/core/subsystems/expRouter.php). This vulnerability allows remote attackers to inject arbitrary SQL via the section parameter. Public data in the CVE entry confirms the affected product/version and ...
CVE-2016-7782
CVE-2016-7782 is an SQL injection vulnerability in Exponent CMS 2.3.9 and earlier, exploitable via the src parameter in framework/core/models/expConfig.php. The connected sources indicate that $this->location_data can be controlled/injected, enabling time-based SQL injection and arbitrary SQL ...
CVE-2016-7780
CVE-2016-7780 affects Exponent CMS up to version 2.3.9. The vulnerability is a SQL injection in cron/find_help.php where the version parameter can be controlled to execute arbitrary SQL commands. Mitigation/repair exists in the project; a fix is provided in the Exponent CMS repository (commit a8e...
CVE-2016-7780
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter...
CVE-2016-7784
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter...
CVE-2016-7788
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2016-7781
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter...
CVE-2016-7789
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter...
CVE-2016-7782
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter...
OIC Exponent CMS Remote Code Execution Vulnerability (CNVD-2017-01760)
Exponent CMS is an open source content management system based on PHP, MySQL and Exponent Framework. A remote code execution vulnerability exists in the /install/index.php page of Exponent CMS, which can be exploited by an attacker to execute arbitrary code in an affected application environment....
Code injection
install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter...
CVE-2016-7565
install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter...
CVE-2016-7565
Summary: CVE-2016-7565 affects Exponent CMS, specifically install/index.php in version 2.3.9, where remote command execution is possible via shell metacharacters in the sc array parameter. The vulnerability’s root cause is improper handling of shell metacharacters, enabling an attacker to execute...
Exponent CMS 'source_selector.php' SQL Injection Vulnerability
Exponent CMS is prone to an SQL injection vulnerability. (CPE: cpe:/a:exponentcms:exponentcms) ...
CVE-2016-7400
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activateaddress address controller action, (2) title parameter in a show blog controller action, or (3) contentid parameter in a showComments...