Exponent Cms@2.4.1 Security Vulnerabilities and Issues — Exponent Cms@2.4.1 CVE List

Lucene search

ExponentcmsExponent Cms2.4.1

2 matches found

cve•added 2017/02/06 3:59 p.m.•42 views

CVE-2017-5879

An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability af...

9.8CVSS9.7AI score0.00329EPSS

cve•added 2018/03/04 2:29 a.m.•35 views

CVE-2017-18213

In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.

7.2CVSS7AI score0.00599EPSS