Exponentcms: Security Vulnerabilities
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-05-24
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-05-24
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-05-23
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-05-23
Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."
CVSS Score
9.8
EPSS Score
0.009
Published
2018-03-07
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
CVSS Score
7.2
EPSS Score
0.006
Published
2018-03-04
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-08-28
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-04-24
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-04-22
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-03-07