Exponentcms: >> Exponent Cms >> 2.3.1 Security Vulnerabilities
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-12-31
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-12-31
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-12-31
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-12-31
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-12-31
Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."
CVSS Score
9.8
EPSS Score
0.009
Published
2018-03-07
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
CVSS Score
7.2
EPSS Score
0.006
Published
2018-03-04
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-04-24
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-04-22
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-03-07
Page 1