exponentcms security advisories
15 threat alerts tracking vulnerabilities and security advisories that affect exponentcms products.
Vulnios monitors exponentcms CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent exponentcms security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2017-7991 — exponentcms — exponent_cms
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
criticalCVE-2017-7991Critical Vulnerability: CVE-2016-7782 — exponentcms — exponent_cms
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter.
criticalCVE-2016-7782Critical Vulnerability: CVE-2016-7781 — exponentcms — exponent_cms
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author paramete
criticalCVE-2016-7781Critical Vulnerability: CVE-2016-9020 — exponentcms — exponent_cms
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version paramet
criticalCVE-2016-9020Critical Vulnerability: CVE-2016-7789 — exponentcms — exponent_cms
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter.
criticalCVE-2016-7789Critical Vulnerability: CVE-2016-7780 — exponentcms — exponent_cms
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
criticalCVE-2016-7780Critical Vulnerability: CVE-2016-7784 — exponentcms — exponent_cms
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the se
criticalCVE-2016-7784Critical Vulnerability: CVE-2016-9019 — exponentcms — exponent_cms
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arb
criticalCVE-2016-9019Critical Vulnerability: CVE-2016-7788 — exponentcms — exponent_cms
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
criticalCVE-2016-7788Critical Vulnerability: CVE-2016-7783 — exponentcms — exponent_cms
SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
criticalCVE-2016-7783Critical Vulnerability: CVE-2016-9087 — exponentcms — exponent_cms
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via th
criticalCVE-2016-9087Critical Vulnerability: CVE-2016-7565 — exponentcms — exponent_cms
install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter.
criticalCVE-2016-7565Critical Vulnerability: CVE-2016-7400 — exponentcms — exponent_cms
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action,
criticalCVE-2016-7400Critical Vulnerability: CVE-2017-5879 — exponentcms — exponent_cms
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to
criticalCVE-2017-5879Critical Vulnerability: CVE-2016-2242 — exponentcms — exponent_cms
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.
criticalCVE-2016-2242
Track exponentcms exposure across your environment
Vulnios automatically cross-references your asset inventory against new exponentcms CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan