Exponent Cms@* Security Vulnerabilities and Issues — Exponent Cms@* CVE List

Lucene search

ExponentcmsExponent Cms*

5 matches found

CVE•added 2016/11/03 10:59 a.m.•38 views

CVE-2016-7095

Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.

9.8CVSS9.4AI score0.01203EPSS

CVE•added 2016/11/03 10:59 a.m.•37 views

CVE-2016-7453

The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.

9.8CVSS9.6AI score0.00532EPSS

CVE•added 2016/11/03 10:59 a.m.•31 views

CVE-2016-7452

The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.

7.5CVSS7.8AI score0.01057EPSS

CVE•added 2016/11/11 11:59 p.m.•30 views

CVE-2016-9288

In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.

9.8CVSS9.8AI score0.00251EPSS

CVE•added 2016/11/11 11:59 a.m.•27 views

CVE-2016-9272

A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.

9.1CVSS9.1AI score0.00335EPSS