Exponent Cms@2.4.0 Security Vulnerabilities and Issues — Exponent Cms@2.4.0 CVE List

Lucene search

ExponentcmsExponent Cms2.4.0

11 matches found

CVE•added 2016/11/11 10:59 p.m.•37 views

CVE-2016-9283

SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.

7.5CVSS8.2AI score0.00264EPSS

CVE•added 2016/11/04 10:59 a.m.•35 views

CVE-2016-9182

Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized met...

7.5CVSS8.1AI score0.00177EPSS

CVE•added 2016/11/11 10:59 p.m.•33 views

CVE-2016-9286

framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.

5.3CVSS5.2AI score0.00213EPSS

CVE•added 2016/11/04 10:59 a.m.•32 views

CVE-2016-9183

In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sani...

7.5CVSS8.2AI score0.00477EPSS

CVE•added 2016/11/15 11:59 a.m.•31 views

CVE-2016-9287

In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.

9.8CVSS9.7AI score0.00532EPSS

CVE•added 2016/11/29 11:59 p.m.•31 views

CVE-2016-9481

In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL inje...

9.8CVSS9.8AI score0.00409EPSS

CVE•added 2016/11/04 10:59 a.m.•30 views

CVE-2016-9184

In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact...

7.5CVSS8.1AI score0.00533EPSS

CVE•added 2016/11/11 10:59 p.m.•30 views

CVE-2016-9282

SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.

7.5CVSS8.2AI score0.00264EPSS

CVE•added 2016/11/11 10:59 p.m.•30 views

CVE-2016-9285

framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.

5.3CVSS6AI score0.00213EPSS

CVE•added 2016/11/11 10:59 p.m.•28 views

CVE-2016-9284

getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.

5.3CVSS6AI score0.00213EPSS

CVE•added 2016/11/07 11:59 a.m.•24 views

CVE-2016-9242

Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.

8.8CVSS9.4AI score0.00433EPSS