Exponentcms: Security Vulnerabilities
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2016-11-03
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure.
CVSS Score: 7.5 | EPSS Score: 0.01 | Published: 2016-11-03
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2016-11-03
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
CVSS Score: 7.5 | EPSS Score: 0.011 | Published: 2016-11-03
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2016-11-03
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) "First Name" or (4) "Last Name" field to users/edituser.
CVSS Score: 4.3 | EPSS Score: 0.114 | Published: 2015-02-19
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2014-12-30
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2014-10-26
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
CVSS Score: 7.5 | EPSS Score: 0.013 | Published: 2014-02-11
Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter.
CVSS Score: 4.3 | EPSS Score: 0.113 | Published: 2011-11-01

