888 matches found
CVE-2016-9288
CVE-2016-9288 affects Exponent CMS v2.4.0 or older, where the parameter target in DragnDropReRank is used without filtration in framework/modules/navigation/controllers/navigationController.php, enabling SQL injection. The vulnerability is described consistently across sources (NVD entry and CNVD...
CVE-2016-9286
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI...
CVE-2016-9285
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue...
CVE-2016-9284
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string...
CVE-2016-9283
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue...
CVE-2016-9282
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the searchstring parameter...
SQL injection
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the searchstring parameter...
Design/Logic Flaw
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue...
Design/Logic Flaw
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string...
SQL injection
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue...
Code injection
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI...
CVE-2016-9285
CVE-2016-9285 affects Exponent CMS v2.4.0, specifically the framework/modules/addressbook/controllers/addressController.php. It allows remote attackers to read user information by altering the id parameter (example: address/edit/id/1), indicating an information-disclosure vulnerability related to...
CVE-2016-9284
CVE-2016-9284 affects Exponent CMS v2.4.0. The vulnerability resides in getUsersByJSON in framework/modules/users/controllers/usersController.php and allows remote attackers to read user information by calling users/getUsersByJSON/sort/ with a trailing string. This is an information disclosure is...
CVE-2016-9282
The provided connected sources confirm CVE-2016-9282 affects Exponent CMS (version 2.4.0). A SQL injection vulnerability exists in framework/modules/search/controllers/searchController.php, exploitable via action=search&module=search with the search_string parameter, allowing remote attackers to ...