Shodan
Vulnerabilities
Vulnerable Software
Exponentcms:  >> Exponent Cms  >> 0.97.0  Security Vulnerabilities
CVE-2016-7783
SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-03-07
CVE-2016-7784
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-03-07
CVE-2016-7788
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-03-07
CVE-2016-7789
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter.
CVSS Score
9.8
EPSS Score
0.007
Published
2017-03-07
CVE-2016-9019
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.
CVSS Score
9.8
EPSS Score
0.007
Published
2017-03-07
CVE-2016-9020
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
CVSS Score
9.8
EPSS Score
0.007
Published
2017-03-07
CVE-2016-9087
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.
CVSS Score
9.8
EPSS Score
0.026
Published
2017-03-07
CVE-2016-7400
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action.
CVSS Score
9.8
EPSS Score
0.182
Published
2017-02-07
CVE-2015-8667
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-01-18
CVE-2015-8684
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-01-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved