CVE-2016-9284
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string...
CVE-2016-9286
The CVE-2016-9286 issue affects Exponent CMS v2.4.0patch1, specifically the framework/modules/users/controllers/usersController.php component. The root cause is improper access controls that allow remote attackers to read user address information, demonstrated via address/show/id/1. Multiple sour...
CVE-2016-9283
CVE-2016-9283 affects Exponent CMS v2.4.0 and is due to an SQL injection in framework/core/subsystems/expRouter.php, enabling remote attackers to read database information via address/addContentToSearch/id/ and a trailing string related to the sef URL mechanism. Multiple feeds (NVD entry, CNVD/CV...
CVE-2016-9285
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue...
CVE-2016-9286
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI...
CVE-2016-9272
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service...
SQL injection
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service...
CVE-2016-9272
Exponent CMS before version 2.4.0 contains a blind SQL injection via the rerank array parameter that can lead to partial database information disclosure and denial of service. This is documented across CVE-2016-9272 entries (NVD, CNVD/OSV). The core issue is an injectable parameter in the rerank ...
Exponent CMS 2.4.0 Blind SQL Injection Vulnerability
Exponent CMS version 2.4.0 suffers from a remote blind SQL injection vulnerability...
Exponent CMS 2.4.0 Blind SQL Injection
Document Title: Blind SQL Injection Vulnerability in Exponent CMS 2.4.0. References (Source): https://exponentcms.lighthouseapp.com/projects/61783/tickets/1394-blind-sql-injection-vulnerability-in-exponent-cms-240-4...
Exponent CMS SQL Injection Vulnerability (CNVD-2016-10804)
Exponent is a web content management system. Multiple SQL injection vulnerabilities exist in the framework/modules/core/controllers/expRatingController.php/update method in Exponent CMS version 2.4.0, which can be exploited by an authenticated remote user to execute arbitrary SQL commands via the...
CVE-2016-9242
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter...
SQL injection
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter...
CVE-2016-9242
Exponent CMS 2.4.0 is affected by multiple SQL injection vulnerabilities in the update method of framework/modules/core/controllers/expRatingController.php. The issues allow remote authenticated users to execute arbitrary SQL commands via the content_type or subtype parameters. Impact is describe...
OIC Exponent CMS Privilege Bypass Vulnerability
OIC Exponent CMS is a free, open source, modular content management system (CMS) based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. A privilege bypass...
OIC Exponent CMS Information Disclosure Vulnerability
OIC Exponent CMS is a free, open source, modular content management system (CMS) based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. An information disclosure...