Exponent Cms Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter.
5.9AI Score
0.006EPSS
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
8.5AI Score
0.002EPSS
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
7.1AI Score
0.009EPSS
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php.
5.9AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) "...
5.7AI Score
0.013EPSS
6.1CVSS
6AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
6.1CVSS
6AI Score
0.001EPSS
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the...
6.1CVSS
6.2AI Score
0.001EPSS
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.
9.8CVSS
9.8AI Score
0.035EPSS
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.
9.8CVSS
9.4AI Score
0.006EPSS
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments...
9.8CVSS
10AI Score
0.005EPSS
Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."
9.8CVSS
9.5AI Score
0.005EPSS
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
7.5CVSS
7.8AI Score
0.003EPSS
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
9.8CVSS
9.6AI Score
0.002EPSS
install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter.
9.8CVSS
9.8AI Score
0.007EPSS
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
9.8CVSS
10AI Score
0.002EPSS
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter.
9.8CVSS
10AI Score
0.002EPSS
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter.
9.8CVSS
10AI Score
0.002EPSS
SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
9.8CVSS
10AI Score
0.002EPSS
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
9.8CVSS
10AI Score
0.003EPSS
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
9.8CVSS
10AI Score
0.002EPSS
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter.
9.8CVSS
10AI Score
0.002EPSS
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.
9.8CVSS
9.9AI Score
0.012EPSS
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code execution.
9.8CVSS
9.9AI Score
0.012EPSS
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
9.8CVSS
9.5AI Score
0.002EPSS
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
9.8CVSS
9.5AI Score
0.002EPSS
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
9.8CVSS
9.4AI Score
0.005EPSS
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
9.8CVSS
9.4AI Score
0.005EPSS
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.
9.8CVSS
10AI Score
0.002EPSS
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
9.8CVSS
10AI Score
0.002EPSS
9.8CVSS
9.4AI Score
0.002EPSS
9.8CVSS
9.4AI Score
0.002EPSS
9.8CVSS
9.4AI Score
0.002EPSS
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
9.8CVSS
9.4AI Score
0.002EPSS
9.8CVSS
9.4AI Score
0.002EPSS
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.
9.8CVSS
10AI Score
0.002EPSS
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure.
7.5CVSS
7.8AI Score
0.001EPSS
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.
7.5CVSS
7.8AI Score
0.001EPSS
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized met...
7.5CVSS
8.1AI Score
0.001EPSS
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sani...
7.5CVSS
8.2AI Score
0.001EPSS
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact...
7.5CVSS
8.1AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.
8.8CVSS
9.4AI Score
0.001EPSS
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
9.1CVSS
9.1AI Score
0.002EPSS
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.
7.5CVSS
8.2AI Score
0.001EPSS
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.
7.5CVSS
8.2AI Score
0.001EPSS
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.
5.3CVSS
6AI Score
0.002EPSS
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.
5.3CVSS
6AI Score
0.002EPSS
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.
5.3CVSS
5.2AI Score
0.002EPSS
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.
9.8CVSS
9.7AI Score
0.002EPSS
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.
9.8CVSS
9.8AI Score
0.002EPSS