Exponentcms: >> Exponent Cms >> 2.3.8 Security Vulnerabilities
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.
CVSS Score
9.8
EPSS Score
0.003
Published
2016-11-11
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
CVSS Score
9.1
EPSS Score
0.003
Published
2016-11-11
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2016-11-03
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
CVSS Score
7.5
EPSS Score
0.011
Published
2016-11-03
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.
CVSS Score
9.8
EPSS Score
0.013
Published
2016-11-03
Page 3