59 matches found
CVE-2022-23048
CVE-2022-23048 affects Exponent CMS 2.6.0patch2. An authenticated admin can upload a ZIP extension containing a PHP file; the file is written to the server under themes/simpletheme/{rce}.php and can be accessed to execute commands. This is a post-auth file upload vulnerability enabling remote cod...
CVE-2022-23049
Exponent CMS 2.6.0patch2 is affected by a vulnerability where an authenticated user can inject persistent JavaScript in the User-Agent header at login. When an administrator visits the User Sessions tab, the injected script is executed, enabling session compromise of the administrator. The availa...
CVE-2013-3294
CVE-2013-3294 and CVE-2013-3295 affect Exponent CMS, with multiple vulnerabilities in 2.2.0 beta3 and earlier: CVE-2013-3294 is a SQL Injection in index.php via src and username parameters, exploitable remotely; CVE-2013-3295 is a PHP File Inclusion via install/popup.php?page parameter, enabling ...
CVE-2022-23047
Exponent CMS 2.6.0patch2 is affected: an authenticated admin can inject persistent JavaScript into the Site/Organization Name, Site Title, and Site Header when updating settings via /exponentcms/administration/configure_site. Several connected sources describe this as a cross-site scripting issue...
CVE-2016-9022
Exponent CMS prior to 2.6.0 contains an input validation flaw in usersController.php. The issue, caused by improper input validation, affects Exponent CMS versions before 2.6.0. Public references indicate a high-severity impact with access via network (per CVSS v2) and a critical impact profile (...
CVE-2016-9026
CVE-2016-9026 affects Exponent CMS prior to 2.6.0, where improper input validation in fileController.php creates a vulnerability in the CMS. Multiple connected sources confirm the issue exists in Exponent CMS before 2.6.0; the problem is tied to fileController.php input handling. The exploitation...
CVE-2016-9023
CVE-2016-9023 affects Exponent CMS prior to 2.6.0, attributing the issue to improper input validation in cron/find_help.php. Multiple sources (NVD, Red Hat advisory, CNVD, OSV) corroborate this vulnerability in Exponent CMS versions before 2.6.0. The NVD metrics indicate a high/critical impact (C...
CVE-2016-9025
CVE-2016-9025 affects Exponent CMS prior to 2.6.0 due to improper input validation in purchaseOrderController.php. The vulnerability exposes high-impact risks on confidentiality, integrity, and availability (CVSS v3.1: Network, NONE user interaction, C/H/I/H). Public references confirm the issue ...
CVE-2016-9021
CVE-2016-9021 affects Exponent CMS prior to 2.6.0, with a vulnerability in the input validation of storeController.php. The Red Hat, NVD, OSV, CNVD, and other references corroborate that the issue lies in improper input validation, leading to high-severity impact (CVSSv3.1: CRITICAL; CVSSv2: HIGH...
CVE-2016-7400
Exponent CMS before 2.4.0 is affected by multiple SQL injection vulnerabilities (parameters: id in activate_address, title in show blog, content_id in showComments expComment) that allow remote attackers to execute arbitrary SQL. Official fix released in version 2.4.0; upgrade to 2.4.0 or apply v...
CVE-2013-3295
Vulnerability overview (CVE-2013-3295) : Exponent CMS prior to 2.2.0 RC1 contains a PHP File Inclusion/Directory Traversal flaw in the install/popup.php script. The vulnerability arises from improper handling of the page parameter, allowing remote unauthenticated attackers to traverse the local f...
CVE-2016-8900
Exponent CMS 2.3.9 is affected by an Object Injection vulnerability in framework/modules/core/controllers/expTagController.php (change_tags). The issue is documented across multiple sources (NVD, RH, CVE lists, etc.) under CVE-2016-8900. According to the NVD entry, the vulnerability has a base sc...
CVE-2015-8684
CVE-2015-8684 affects Exponent CMS prior to 2.3.7. The flaw arises from insufficiently restricting upload file types, enabling an attacker to upload an HTML file and trigger cross-site scripting via the elFinder functionality. Impact described as remote XSS and possibly other unspecified effects....
CVE-2017-5879
CVE-2017-5879 affects Exponent CMS 2.4.1. The issue is a blind SQL injection in the file/source_selector.php, targeting the src parameter, that can be exploited by unauthenticated users via an HTTP GET request and may allow dumping of database data to a malicious server using an out-of-band techn...
CVE-2016-8898
Summary: CVE-2016-8898 affects Exponent CMS 2.3.9, with a SQL injection vulnerability in framework/modules/ecommerce/controllers/cartController.php. The issue is a database-level injection vulnerability in that cart controller path. The NVD entry lists a high/critical impact profile (CVSS v2: HIG...
CVE-2016-9182
Exponent CMS 2.4 is vulnerable to a permission-bypass flaw in its controller dispatch: PHP reflection treats method names as case-insensitive and undefined actions may run by default. An attacker can use a capitalized method name (e.g., action=Preview) to bypass checks that would deny access with...
CVE-2016-8897
CVE-2016-8897 affects Exponent CMS version 2.3.9, with a SQL injection vulnerability in framework/modules/help/controllers/helpController.php. The issue is described across multiple feeds (NVD, RH, OSV, CNVD, CVE lists) as a SQL injection in that PHP file, but the provided documents do not specif...
CVE-2017-8085
Exponent CMS vulnerable before 2.4.1 Patch #5 due to an XSS flaw in elFinder (framework/modules/file/connector/elfinder.php). The issue affects Exponent CMS versions prior to 2.4.1 Patch #5; patch 2.4.1 Patch #5 fixes the vulnerability. The connected sources describe the vulnerability as a cross-...
CVE-2017-18213
CVE-2017-18213 affects Exponent CMS prior to 2.4.1 Patch #6. The vulnerability allows certain admin users to elevate their privileges, constituting a privilege-escalation issue. The CVSS metrics in the provided sources indicate a high impact (CONFIDENTIALITY, INTEGRITY, and AVAILABILITY affected;...
CVE-2021-32441
The CVE-2021-32441 issue affects Exponent-CMS, specifically the expConfig.selectValue path in version 2.6.0. The vulnerability is a SQL Injection that can lead to disclosure of sensitive information. The public records consistently identify the fix as upgrading to version 2.7.0. There is no expli...
CVE-2010-5002
CVE-2010-5002: Exponent CMS 0.97.0 is affected by a Cross-Site Scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php, exploitable via the u parameter to inject arbitrary script/HTML. The NVD entry lists a 4.3 base score (Medium) with network access, no confidentiality/availabi...
CVE-2016-9087
CVE-2016-9087 affects Exponent CMS 2.3.9 and earlier, with a SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php via the fileid parameter. Multiple connected sources describe the vulnerability across CVSS metrics: CVSS v2 base 7.5 (P/C/I/A partial...
CVE-2016-9283
CVE-2016-9283 affects Exponent CMS v2.4.0 and is due to an SQL injection in framework/core/subsystems/expRouter.php, enabling remote attackers to read database information via address/addContentToSearch/id/ and a trailing string related to the sef URL mechanism. Multiple feeds (NVD entry, CNVD/CV...
CVE-2016-7095
Exponent CMS prior to version 2.3.9 is vulnerable to an attacker uploading a malicious script file via redirection to place it in an unprotected folder that allows script execution. This affects Exponent CMS 2.3.x and earlier components handling file uploads; impact includes potential code execut...
CVE-2016-7453
CVE-2016-7453 affects Exponent CMS prior to v2.3.9 patch 2, due to SQL injection in the Pixidou Image Editor component. The vulnerability arises from inadequate input filtering in the editor module, enabling an attacker to perform an SQL injection that could compromise the application and its dat...
CVE-2016-7780
CVE-2016-7780 affects Exponent CMS up to version 2.3.9. The vulnerability is a SQL injection in cron/find_help.php where the version parameter can be controlled to execute arbitrary SQL commands. Mitigation/repair exists in the project; a fix is provided in the Exponent CMS repository (commit a8e...
CVE-2016-8899
CVE-2016-8899 affects Exponent CMS version 2.3.9 and involves an Object Injection vulnerability in the file framework/modules/core/controllers/expCatController.php, related to change_cats. The available documents identify the affected product and component and confirm the root cause as object inj...
CVE-2016-9134
Exponent CMS 2.3.9 suffers from a SQL injection in the file /expPaginator.php via the order parameter, leading to potential information disclosure. Documented across multiple sources (NVD, CNVD, OSV, CVE record). Root cause: unsafely interpolated input in a query. Impact: Information Disclosure. ...
CVE-2016-7781
Exponent CMS prior to 2.4.0 is affected by a SQL injection in the blog module: in blogController.php the author parameter is used unsafely. Root cause: $this->params['author'] is not escaped, enabling time-based blind SQL injection. A fix is available in the repository commit fdafb5ec97838e4ed...
CVE-2016-7791
Exponent CMS 2.3.9 is affected by CVE-2016-7791, a remote code execution vulnerability in /install/index.php. An attacker can upload a crafted exploit.tar.gz and trigger extraction via /install/index.php?install_sample=../../files/exploit, leading to arbitrary code execution. NVD lists CVSSv2 bas...
CVE-2016-9020
Summary of CVE-2016-9020 : Exponent CMS up to version 2.3.9 contains a SQL injection in the helpController.php (framework/modules/help/controllers/helpController.php) that allows an attacker to inject via the version parameter and potentially execute arbitrary SQL. Public sources (NVD/OpenVAS and...
CVE-2016-9135
Exponent CMS 2.3.9 is affected by a SQL injection in /framework/modules/help/controllers/helpController.php (version parameter). Root cause: improper handling of the version parameter leading to information disclosure. Evidence across NVD/CNVD/OSVLINE shows the same vulnerability; exploitation de...
CVE-2016-9183
The CVE-2016-9183 entry concerns Exponent CMS 2.4.0, where /framework/modules/ecommerce/controllers/orderController.php passes untrusted input to selectObjectsBySql in the mysqli_database class. The injectProof filter intended to prevent SQL injection can be bypassed, depending on the presence of...
CVE-2014-8690
Exponent CMS suffers multiple XSS vulnerabilities (CVE-2014-8690) in versions before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4. attacker-controlled input via PATH_INFO, index.php none action src parameter, or the First Name/Last Name fields in users/edituser can in...
CVE-2016-2242
Exponent CMS 2.x before 2.3.7 Patch 3 is vulnerable to remote code execution via the sc parameter to install/index.php. The HTBridge advisory details that an unauthenticated attacker can inject PHP code into /framework/conf/config.php, gaining arbitrary command execution with the web server, and ...
CVE-2016-7782
CVE-2016-7782 is an SQL injection vulnerability in Exponent CMS 2.3.9 and earlier, exploitable via the src parameter in framework/core/models/expConfig.php. The connected sources indicate that $this->location_data can be controlled/injected, enabling time-based SQL injection and arbitrary SQL ...
CVE-2016-7783
CVE-2016-7783 is a SQL injection vulnerability affecting Exponent CMS 2.3.9 and earlier, exploitable via the title parameter in framework/core/models/expRecord.php. The issue allows remote attackers to execute arbitrary SQL commands. In NVD, the CVSS2 base score is 7.5 (HIGH) and the CVSS3 vector...
CVE-2016-7788
CVE-2016-7788 - Exponent CMS : A SQL injection in framework/modules/users/models/user.php affects Exponent CMS 2.3.9 and earlier, allowing remote attackers to execute arbitrary SQL via the username parameter. OpenVAS aggregates this under “Exponent CMS
CVE-2016-9019
CVE-2016-9019 describes a SQL injection in Exponent CMS up to version 2.3.9 in the activate_address function (framework/modules/addressbook/controllers/addressController.php) where the is_what parameter can be manipulated to execute arbitrary SQL. Public sources in the connected documents confirm...
CVE-2016-9286
The CVE-2016-9286 issue affects Exponent CMS v2.4.0patch1, specifically the framework/modules/users/controllers/usersController.php component. The root cause is improper access controls that allow remote attackers to read user address information, demonstrated via address/show/id/1. Multiple sour...
CVE-2017-7991
Exponent CMS 2.4.1 and earlier is affected by a SQL injection in the api() function of framework/modules/eaas/controllers/eaasController.php. The root cause is lack of input validation on the apikey parameter, which is base64-encoded, URL-decoded, and unserialized (via expUnserialize) before furt...
CVE-2016-7443
CVE-2016-7443 affects Exponent CMS, versions 2.3.0 to 2.3.9. The issue is a vulnerable file upload path that could allow a remote attacker to impact the system via uploading files to the wrong location. The vulnerability description is supported by multiple feeds and references, indicating a secu...
CVE-2016-9282
The provided connected sources confirm CVE-2016-9282 affects Exponent CMS (version 2.4.0). A SQL injection vulnerability exists in framework/modules/search/controllers/searchController.php, exploitable via action=search&module=search with the search_string parameter, allowing remote attackers to ...
CVE-2015-1177
Exponent CMS 2.3.2 is affected by a reflected cross-site scripting (XSS) vulnerability in index.php, exploitable via the src parameter in the search functionality. Technical details across sources show that an attacker can craft a URL containing malicious JavaScript (e.g., payloads like or onerr...
CVE-2016-7565
Summary: CVE-2016-7565 affects Exponent CMS, specifically install/index.php in version 2.3.9, where remote command execution is possible via shell metacharacters in the sc array parameter. The vulnerability’s root cause is improper handling of shell metacharacters, enabling an attacker to execute...
CVE-2016-7790
Exponent CMS 2.3.9 is affected by a remote code execution vulnerability in /install/index.php. An attacker can upload a PHP file via uploader_paste.php and then overwrite /framework/conf/config.php to achieve arbitrary code execution. This is enabled by the ability to place a crafted file on the ...
CVE-2015-8667
CVE-2015-8667 affects Exponent CMS prior to 2.3.5. The vulnerability is a Cross-site Scripting (XSS) in the Reset Your Password module that allows injection of arbitrary script/HTML via the Username/Email field. Affected component: Reset Your Password workflow; root cause: insufficient sanitizati...
CVE-2016-7789
Exponent CMS 2.3.9 and earlier is affected by a SQL injection in framework/core/models/expConfig.php, exploitable via the apikey parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands; the NVD entry labels it high/critical with network access and no authentication ...
CVE-2016-7452
Exponent CMS is affected by a directory traversal vulnerability in the Pixidou Image Editor component, tracked as CVE-2016-7452. The issue allows uploading a malicious file to any folder on the site via a cpi directory traversal vector, affecting Exponent CMS prior to v2.3.9 patch 2. The known re...
CVE-2016-9288
CVE-2016-9288 affects Exponent CMS v2.4.0 or older, where the parameter target in DragnDropReRank is used without filtration in framework/modules/navigation/controllers/navigationController.php, enabling SQL injection. The vulnerability is described consistently across sources (NVD entry and CNVD...