Lucene search
+L
ExponentExponent Cms

7 matches found

cve
cve
added 2006/09/23 10:0 a.m.61 views

CVE-2006-4963

Exponent CMS 0.96.3 is vulnerable to a local file inclusion (LFI) via the view parameter in the calendarmodule’s show_view action (index.php). The underlying issue is improper handling of ../ sequences that allows remote attackers to read and execute arbitrary local files, demonstrated by PHP cod...

6.4CVSS7.3AI score0.06994EPSS
cve
cve
added 2007/04/25 5:0 p.m.48 views

CVE-2007-2252

The CVE-2007-2252 entry describes a directory traversal in Exponent CMS, affecting iconspopup.php where the icodir parameter can be exploited with a .. payload to disclose sensitive information. Affected version(s): Exponent CMS 0.96.6 Alpha and earlier. Root cause is improper handling of user-su...

5CVSS6.2AI score0.02756EPSS
cve
cve
added 2006/04/04 10:0 a.m.46 views

CVE-2006-1605

The CVE-2006-1605 entry concerns Exponent CMS, specifically the image module prior to version 0.96.5 RC 1. It states an unspecified vulnerability that allows remote attackers to execute arbitrary code via unknown vectors involving “parsed PHP.” The connected documents corroborate the affected sof...

7.5CVSS7.6AI score0.02848EPSS
cve
cve
added 2007/04/25 5:0 p.m.46 views

CVE-2007-2253

CVE-2007-2253 affects Exponent CMS 0.96.6 Alpha and earlier. The vulnerability is a path disclosure where remote attackers can obtain path information by directly requesting (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php. The connected documents provide these concrete affected...

5CVSS6.4AI score0.01324EPSS
cve
cve
added 2006/04/04 10:0 a.m.40 views

CVE-2006-1604

Affected product: Exponent CMS prior to 0.96.5 RC1. The vulnerability is described as an unspecified issue with variables that are not 'typecasted', with unknown impact. NVD records a CVSS v2 base score of 10.0 (HIGH) with network attack vector, requiring no authentication, and affecting confiden...

10CVSS6.5AI score0.01707EPSS
cve
cve
added 2006/04/04 10:0 a.m.39 views

CVE-2006-1607

CVE-2006-1607 – Exponent CMS : A PHP injection vulnerability exists in the banner module of Exponent CMS prior to 0.96.5 RC1. The issue is triggered via unspecified attack vectors, affecting the banner component and potentially impacting confidentiality, integrity, and availability. The NVD CVSS ...

7.5CVSS6.5AI score0.01464EPSS
cve
cve
added 2006/04/04 10:0 a.m.36 views

CVE-2006-1606

CVE-2006-1606 concerns Exponent CMS prior to 0.96.5 RC1. The image module contains an unspecified vulnerability that allows directory disclosure. The only concrete detail from the connected sources is that this affects Exponent CMS’s image module and enables partial disclosure of information, wit...

5CVSS6.5AI score0.01192EPSS