Exponent Cms Security Vulnerabilities and Issues — Exponent Cms CVE List

Lucene search

ExponentcmsExponent Cms

3 matches found

CVE•added 2017/02/07 3:59 p.m.•51 views

CVE-2016-7400

Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments...

9.8CVSS10AI score0.18219EPSS

CVE•added 2017/02/06 3:59 p.m.•42 views

CVE-2017-5879

An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability af...

9.8CVSS9.7AI score0.00329EPSS

CVE•added 2017/02/13 6:59 p.m.•33 views

CVE-2016-7565

install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter.

9.8CVSS9.8AI score0.01513EPSS