155 matches found
CVE-2018-17874
ExpressionEngine before 4.3.5 has reflected XSS...
ExpressionEngine: License verification mechanism can be bypassed
@unbaiat discovered that an invalid license file could be accepted as valid in certain circumstances. @unbaiat gave a detailed report with step-by-step instructions for replicating, enabling a speedy resolution to the issue...
ExpressionEngine: Persistent XSS via malicious license file
@unbaiat discovered that the display of the license file information was not properly sanitized, leaving it vulnerable to XSS. @unbaiat gave a detailed report with step-by-step instructions for replicating, enabling a speedy resolution to the issue...
ExpressionEngine: XML Member Processing - Local File inclusion Vulnerability
@lawrenceamer discovered a local file inclusion vulnerability that logged-in users with access to the control panel and permission to access developer utilities may be able to exploit. @lawrenceamer gave a detailed report with step-by-step instructions for replicating and screen captures of the...
ExpressionEngine: Import File Converter - local File inclusion
@lawrenceamer discovered a local file inclusion vulnerability that logged-in users with access to the control panel and permission to access developer utilities may be able to exploit. @lawrenceamer gave a detailed report with step-by-step instructions for replicating and screen captures of the...
ExpressionEngine: [EE] Spoof the redirect process
The original report was not a security issue, but that did lead the reporter to discovering that a user could potentially be tricked by nesting redirects so that they first redirected to the site itself, which would allow the second redirect to occur without warning the user that they were being...
ExpressionEngine: [EE] change the author of post using the author_id
@flex0geek discovered that users with permission to edit entries in the control panel could manipulate the form or POST submission and set an invalid author as the author of that entry. @flex0geek gave a detailed report with step-by-step instructions for replicating and screen captures of their...
ExpressionEngine: RCE By import channel field
The reporter determined that a malicious Channel Set could be used to allow an administrator to upload a PHP file that they might otherwise not have permission to upload. Combined with the temporary folder name algorithm being available in the source code, the malicious administrator could...
EllisLab ExpressionEngine Cross-Site Scripting Vulnerability
EllisLab ExpressionEngine is a content management system (CMS) from the US company EllisLab that provides web publishing, a template engine, attachment components and other modules. A cross-site scripting vulnerability exists in EllisLab ExpressionEngine version 3.4.2. A remote attacke...
CVE-2017-1000160
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...
Cross site scripting
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...
CVE-2017-1000160
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting that results in PHP code injection. Affected product/version is explicitly stated (ExpressionEngine 3.4.2). The impact is described as XSS leading to PHP code execution, with no explicit exploit details, vectors, or affected co...
ExpressionEngine: Potential code injection in fun delete_directory
Under /system/ee/legacy/libraries/Functions.php, function delete_directory contains calls to exec 3 times using different, potentially "unsanitized" parameters. As the PHP manual suggests, escapeshellarg should be used to sanitize individual arguments [1]. On an implementation in which the attacker...
ExpressionEngine: Image lib - unescaped file path
Under ./system/ee/legacy/libraries/Imagelib.php there are functions from CodeIgniter to manipulate images. The issue is that the PHP function exec is used two times in two different functions: image_process_imagemagick and image_process_netpbm. In both cases the full_src_path and full_dst_path are given...
EllisLab ExpressionEngine Weak Password Vulnerability
EllisLab ExpressionEngine is a content management system (CMS) from the US company EllisLab that provides web publishing, a template engine, attachment components and other modules. A security vulnerability exists in EllisLab ExpressionEngine version 2.x prior to 2.11.8 and version 3.x...
Remote code execution
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution...
CVE-2017-0897
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution...