Vulnerabilities
Vulnerable Software
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2020-12-31
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2020-12-31
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2020-12-31
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2020-12-31
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2020-12-31
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
CVSS Score: 7.2
EPSS Score: 0.006
Published: 2018-03-04
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2017-04-22
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by unauthenticated users via an HTTP GET request and that can be used to dump database data out to a malicious server using an out-of-band technique such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2017-02-06

