Exponent: Security Vulnerabilities
Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.
CVSS Score: 5.0 | EPSS Score: 0.038 | Published: 2007-04-25
Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php.
CVSS Score: 5.0 | EPSS Score: 0.003 | Published: 2007-04-25
Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code through session files.
CVSS Score: 6.4 | EPSS Score: 0.099 | Published: 2006-09-23
Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted."
CVSS Score: 10.0 | EPSS Score: 0.004 | Published: 2006-04-04
Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP."
CVSS Score: 7.5 | EPSS Score: 0.023 | Published: 2006-04-04
Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors.
CVSS Score: 5.0 | EPSS Score: 0.004 | Published: 2006-04-04
Unspecified vulnerability in the banner module in Exponent CMS before 0.96.5 RC 1 allows "php injection" via unknown attack vectors.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2006-04-04
Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via (1) JavaScript in forms produced by the form generator or (2) the parameters to the installer.
CVSS Score: 4.3 | EPSS Score: 0.004 | Published: 2005-11-22
SQL injection vulnerability in the navigation module (navigationmodule) in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter.
CVSS Score: 7.5 | EPSS Score: 0.01 | Published: 2005-11-22
Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability.
CVSS Score: 5.0 | EPSS Score: 0.004 | Published: 2005-11-22

