888 matches found
SQL injection
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure...
Design/Logic Flaw
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution...
CVE-2016-7095
Exponent CMS prior to version 2.3.9 is vulnerable to an attacker uploading a malicious script file via redirection to place it in an unprotected folder that allows script execution. This affects Exponent CMS 2.3.x and earlier components handling file uploads; impact includes potential code execut...
CVE-2016-9135
Exponent CMS 2.3.9 is affected by a SQL injection in /framework/modules/help/controllers/helpController.php (version parameter). Root cause: improper handling of the version parameter leading to information disclosure. Evidence across NVD/CNVD/OSVLINE shows the same vulnerability; exploitation de...
CVE-2016-7453
CVE-2016-7453 affects Exponent CMS prior to v2.3.9 patch 2, due to SQL injection in the Pixidou Image Editor component. The vulnerability arises from inadequate input filtering in the editor module, enabling an attacker to perform an SQL injection that could compromise the application and its dat...
CVE-2016-9135
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure...
CVE-2016-9134
Exponent CMS 2.3.9 suffers from a SQL injection in the file /expPaginator.php via the order parameter, leading to potential information disclosure. Documented across multiple sources (NVD, CNVD, OSV, CVE record). Root cause: unsafely interpolated input in a query. Impact: Information Disclosure. ...
CVE-2016-9134
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure...
CVE-2016-7452
Exponent CMS is affected by a directory traversal vulnerability in the Pixidou Image Editor component, tracked as CVE-2016-7452. The issue allows uploading a malicious file to any folder on the site via a cpi directory traversal vector, affecting Exponent CMS prior to v2.3.9 patch 2. The known re...
CVE-2016-7452
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal...
CVE-2016-7453
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection...
CVE-2016-7095
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution...
Exponent CMS 2.3.9 SQL Injection Vulnerability
Exploit for php platform in category web applications Exponent CMS 2.3.9 SQL Injection Vulnerability Disclose 10 cve in Exponent CMS CVE-2016-7780 In the line 42 of cron/findhelp.php, $_GET['version'] can be controlled and injected. It is possible to time-based blind SQL Inject by the param of...
MatrixSSL pstm_exptmod Function Miscalculation Vulnerability
INSIDE Secure MatrixSSL is an embedded, open source SSLv3 stack from INSIDE Secure, France, designed for small applications and devices. The pstm_exptmod function in MatrixSSL produces incorrect results for certain parameters, causing the associated cryptographic functions to fail to handle the private key...
Exponent CMS 2.3.9 Cross Site Scripting
| Title : Exponent CMS versions 2.3.9 XSS vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 Français V.Pro | Version : 2.3.9 | Vendor :...
Exponent CMS Local File Inclusion Vulnerability
Exponent CMS is a free, open source, modular PHP-based content management system. Exponent CMS suffers from a local file inclusion vulnerability that allows remote attackers to submit a specially crafted request to view the contents of system files with WEB privileges...
Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2016-08139)
Exponent CMS is a free, open source, modular PHP-based content management system. Exponent CMS suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive information or...
Exponent CMS Arbitrary Code Execution Vulnerability
Exponent CMS employs an intuitive and flexible content editing system that allows website pages to be edited on-page as it is displayed. An arbitrary code execution vulnerability exists in Exponent CMS due to a failure to properly validate user input. An attacker could exploit the vulnerability t...
Exponent CMS File Upload Vulnerability
Exponent CMS employs an intuitive and flexible content editing system that allows website pages to be edited on-page as it is displayed. A file upload vulnerability exists in Exponent CMS due to a failure to properly validate user input. This allows attackers to exploit the vulnerability to uploa...
Exponent CMS 2.3.9 - Blind SQL Injection
Exponent CMS 2.3.9 - Blind SQL Injection MGC ALERT 2016-005 - Original release date: September 09, 2016 - Last revised: September 20, 2016 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2016-7400...