Search criteria
177 vulnerabilities found for exponent_cms by exponentcms
FKIE_CVE-2021-32441
Vulnerability from fkie_nvd - Published: 2023-02-17 18:15 - Updated: 2025-03-19 16:15
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/exponentcms/exponent-cms/issues/1542 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/exponentcms/exponent-cms/issues/1542 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| exponentcms | exponent_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6AF30A-A579-4DD1-BE30-4E5A3F40AA33",
"versionEndExcluding": "2.7.0",
"versionStartIncluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class."
}
],
"id": "CVE-2021-32441",
"lastModified": "2025-03-19T16:15:15.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-02-17T18:15:11.023",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1542"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-23049
Vulnerability from fkie_nvd - Published: 2022-02-09 23:15 - Updated: 2024-11-21 06:47
Severity
Summary
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session.
References
| URL | Tags | ||
|---|---|---|---|
| help@fluidattacks.com | https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461 | Exploit, Issue Tracking, Vendor Advisory | |
| help@fluidattacks.com | https://fluidattacks.com/advisories/cobain/ | Exploit, Issue Tracking, Third Party Advisory | |
| help@fluidattacks.com | https://github.com/exponentcms/exponent-cms/issues/1546 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fluidattacks.com/advisories/cobain/ | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/exponentcms/exponent-cms/issues/1546 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| exponentcms | exponent_cms | 2.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exponentcms:exponent_cms:2.6.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "5A643ED1-5F73-4CDE-A28A-D321EFCAC2F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the \"User-Agent\" header when logging in. When an administrator user visits the \"User Sessions\" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session."
},
{
"lang": "es",
"value": "Exponent CMS versi\u00f3n 2.6.0patch2 permite a un usuario autenticado inyectar c\u00f3digo JavaScript persistente en el encabezado \"User-Agent\" cuando es iniciada la sesi\u00f3n. Cuando un usuario administrador visita la pesta\u00f1a \"User Sessions\", el JavaScript ser\u00e1 desencadenado permitiendo a un atacante comprometer la sesi\u00f3n del administrador"
}
],
"id": "CVE-2022-23049",
"lastModified": "2024-11-21T06:47:53.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-09T23:15:19.607",
"references": [
{
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
},
{
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
],
"sourceIdentifier": "help@fluidattacks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23048
Vulnerability from fkie_nvd - Published: 2022-02-09 23:15 - Updated: 2024-11-21 06:47
Severity
Summary
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands.
References
| URL | Tags | ||
|---|---|---|---|
| help@fluidattacks.com | https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460 | Exploit, Issue Tracking, Vendor Advisory | |
| help@fluidattacks.com | https://fluidattacks.com/advisories/dylan/ | Exploit, Issue Tracking, Third Party Advisory | |
| help@fluidattacks.com | https://github.com/exponentcms/exponent-cms/issues/1546 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fluidattacks.com/advisories/dylan/ | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/exponentcms/exponent-cms/issues/1546 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| exponentcms | exponent_cms | 2.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exponentcms:exponent_cms:2.6.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "5A643ED1-5F73-4CDE-A28A-D321EFCAC2F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at \"themes/simpletheme/{rce}.php\" from where can be accessed in order to execute commands."
},
{
"lang": "es",
"value": "Exponent CMS versi\u00f3n 2.6.0patch2, permite a un usuario administrador autenticado subir una extensi\u00f3n maliciosa en formato de archivo ZIP con un archivo PHP en su interior. Despu\u00e9s de subirlo, el archivo PHP ser\u00e1 colocado en \"themes/simpletheme/{rce}.php\" desde donde puede accederse para ejecutar comandos"
}
],
"id": "CVE-2022-23048",
"lastModified": "2024-11-21T06:47:52.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-09T23:15:19.570",
"references": [
{
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
},
{
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
],
"sourceIdentifier": "help@fluidattacks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23047
Vulnerability from fkie_nvd - Published: 2022-02-09 23:15 - Updated: 2024-11-21 06:47
Severity
Summary
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site"
References
| URL | Tags | ||
|---|---|---|---|
| help@fluidattacks.com | https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459 | Exploit, Issue Tracking, Vendor Advisory | |
| help@fluidattacks.com | https://fluidattacks.com/advisories/franklin/ | Exploit, Issue Tracking, Third Party Advisory | |
| help@fluidattacks.com | https://github.com/exponentcms/exponent-cms/issues/1546 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fluidattacks.com/advisories/franklin/ | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/exponentcms/exponent-cms/issues/1546 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| exponentcms | exponent_cms | 2.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exponentcms:exponent_cms:2.6.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "5A643ED1-5F73-4CDE-A28A-D321EFCAC2F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the \"Site/Organization Name\",\"Site Title\" and \"Site Header\" parameters while updating the site settings on \"/exponentcms/administration/configure_site\""
},
{
"lang": "es",
"value": ".Exponent CMS versi\u00f3n 2.6.0patch2, permite a un usuario administrador autenticado inyectar c\u00f3digo JavaScript persistente dentro de los par\u00e1metros \"Site/Organization Name\", \"Site Title\" y \"Site Header\" mientras se actualiza la configuraci\u00f3n del sitio en \"/exponentcms/administration/configure_site\""
}
],
"id": "CVE-2022-23047",
"lastModified": "2024-11-21T06:47:52.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-09T23:15:19.530",
"references": [
{
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
],
"sourceIdentifier": "help@fluidattacks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9022
Vulnerability from fkie_nvd - Published: 2020-12-31 03:15 - Updated: 2024-11-21 03:00
Severity
Summary
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| exponentcms | exponent_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289C9975-962A-4030-A17C-EDBEAB16B590",
"versionEndExcluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in usersController.php."
},
{
"lang": "es",
"value": "Exponent CMS versiones anteriores a 2.6.0, presenta una comprobaci\u00f3n inapropiada de la entrada en el archivo usersController.php."
}
],
"id": "CVE-2016-9022",
"lastModified": "2024-11-21T03:00:27.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-31T03:15:12.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9021
Vulnerability from fkie_nvd - Published: 2020-12-31 03:15 - Updated: 2024-11-21 03:00
Severity
Summary
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| exponentcms | exponent_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289C9975-962A-4030-A17C-EDBEAB16B590",
"versionEndExcluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in storeController.php."
},
{
"lang": "es",
"value": "Exponent CMS versiones anteriores a 2.6.0, presenta una comprobaci\u00f3n inapropiada de la entrada en el archivo storeController.php."
}
],
"id": "CVE-2016-9021",
"lastModified": "2024-11-21T03:00:27.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-31T03:15:12.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9025
Vulnerability from fkie_nvd - Published: 2020-12-31 03:15 - Updated: 2024-11-21 03:00
Severity
Summary
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| exponentcms | exponent_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289C9975-962A-4030-A17C-EDBEAB16B590",
"versionEndExcluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php."
},
{
"lang": "es",
"value": "Exponent CMS versiones anteriores a 2.6.0, presenta una comprobaci\u00f3n inapropiada de la entrada en el archivo purchaseOrderController.php."
}
],
"id": "CVE-2016-9025",
"lastModified": "2024-11-21T03:00:28.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-31T03:15:12.373",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9026
Vulnerability from fkie_nvd - Published: 2020-12-31 03:15 - Updated: 2024-11-21 03:00
Severity
Summary
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| exponentcms | exponent_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289C9975-962A-4030-A17C-EDBEAB16B590",
"versionEndExcluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in fileController.php."
},
{
"lang": "es",
"value": "Exponent CMS versiones anteriores a 2.6.0, presenta una comprobaci\u00f3n inapropiada de la entrada en el archivo fileController.php."
}
],
"id": "CVE-2016-9026",
"lastModified": "2024-11-21T03:00:28.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-31T03:15:12.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9023
Vulnerability from fkie_nvd - Published: 2020-12-31 03:15 - Updated: 2024-11-21 03:00
Severity
Summary
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| exponentcms | exponent_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289C9975-962A-4030-A17C-EDBEAB16B590",
"versionEndExcluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php."
},
{
"lang": "es",
"value": "Exponent CMS versiones anteriores a 2.6.0, presenta una comprobaci\u00f3n inapropiada de la entrada en el archivo cron/find_help.php."
}
],
"id": "CVE-2016-9023",
"lastModified": "2024-11-21T03:00:27.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-31T03:15:12.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8900
Vulnerability from fkie_nvd - Published: 2019-05-24 17:29 - Updated: 2024-11-21 03:00
Severity
Summary
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/09/30/5 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/09/30/5 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| exponentcms | exponent_cms | 2.3.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exponentcms:exponent_cms:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "12FDDF33-2B21-4F8A-AB9A-01857197E810",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en Exponent CMS versi\u00f3n 2.3.9, sufre de una vulnerabilidad de Inyecci\u00f3n de Objeto en el archivo framework/modules/core/controllers/expTagController.php asociado con el par\u00e1metro change_tags."
}
],
"id": "CVE-2016-8900",
"lastModified": "2024-11-21T03:00:15.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-24T17:29:00.913",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8898
Vulnerability from fkie_nvd - Published: 2019-05-24 17:29 - Updated: 2024-11-21 03:00
Severity
Summary
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/09/30/5 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/09/30/5 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| exponentcms | exponent_cms | 2.3.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exponentcms:exponent_cms:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "12FDDF33-2B21-4F8A-AB9A-01857197E810",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en el Exponent CMS versi\u00f3n 2.3.9, sufre una vulnerabilidad de inyecci\u00f3n de SQL en el archivo framework/modules/ecommerce/controllers/cartController.php."
}
],
"id": "CVE-2016-8898",
"lastModified": "2024-11-21T03:00:15.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-24T17:29:00.850",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-32441 (GCVE-0-2021-32441)
Vulnerability from cvelistv5 – Published: 2023-02-17 00:00 – Updated: 2025-03-19 15:11
VLAI
Summary
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1542"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-32441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T15:10:25.871519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:11:04.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-17T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/exponentcms/exponent-cms/issues/1542"
},
{
"url": "https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32441",
"datePublished": "2023-02-17T00:00:00.000Z",
"dateReserved": "2021-05-07T00:00:00.000Z",
"dateUpdated": "2025-03-19T15:11:04.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23049 (GCVE-0-2022-23049)
Vulnerability from cvelistv5 – Published: 2022-02-09 22:03 – Updated: 2024-08-03 03:28
VLAI
Summary
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session.
Severity
No CVSS data available.
CWE
- Stored cross-site scripting (XSS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/issues/1546 | x_refsource_MISC |
| https://fluidattacks.com/advisories/cobain/ | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Exponent CMS |
Affected:
v2.6.0patch2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v2.6.0patch2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the \"User-Agent\" header when logging in. When an administrator user visits the \"User Sessions\" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T22:03:59.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exponent CMS",
"version": {
"version_data": [
{
"version_value": "v2.6.0patch2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the \"User-Agent\" header when logging in. When an administrator user visits the \"User Sessions\" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1546",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"name": "https://fluidattacks.com/advisories/cobain/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23049",
"datePublished": "2022-02-09T22:03:59.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:43.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23048 (GCVE-0-2022-23048)
Vulnerability from cvelistv5 – Published: 2022-02-09 22:03 – Updated: 2024-08-03 03:28
VLAI
Summary
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands.
Severity
No CVSS data available.
CWE
- Insecure file upload (RCE)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/issues/1546 | x_refsource_MISC |
| https://fluidattacks.com/advisories/dylan/ | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Exponent CMS |
Affected:
v2.6.0patch2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v2.6.0patch2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at \"themes/simpletheme/{rce}.php\" from where can be accessed in order to execute commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure file upload (RCE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T22:03:58.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exponent CMS",
"version": {
"version_data": [
{
"version_value": "v2.6.0patch2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at \"themes/simpletheme/{rce}.php\" from where can be accessed in order to execute commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure file upload (RCE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1546",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"name": "https://fluidattacks.com/advisories/dylan/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23048",
"datePublished": "2022-02-09T22:03:58.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:43.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23047 (GCVE-0-2022-23047)
Vulnerability from cvelistv5 – Published: 2022-02-09 22:03 – Updated: 2024-08-03 03:28
VLAI
Summary
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site"
Severity
No CVSS data available.
CWE
- Stored cross-site scripting (XSS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://fluidattacks.com/advisories/franklin/ | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
| https://github.com/exponentcms/exponent-cms/issues/1546 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Exponent CMS |
Affected:
v2.6.0patch2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v2.6.0patch2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the \"Site/Organization Name\",\"Site Title\" and \"Site Header\" parameters while updating the site settings on \"/exponentcms/administration/configure_site\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T22:03:57.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exponent CMS",
"version": {
"version_data": [
{
"version_value": "v2.6.0patch2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the \"Site/Organization Name\",\"Site Title\" and \"Site Header\" parameters while updating the site settings on \"/exponentcms/administration/configure_site\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fluidattacks.com/advisories/franklin/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1546",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23047",
"datePublished": "2022-02-09T22:03:57.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:43.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9023 (GCVE-0-2016-9023)
Vulnerability from cvelistv5 – Published: 2020-12-31 02:13 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:13:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9023",
"datePublished": "2020-12-31T02:13:32.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9026 (GCVE-0-2016-9026)
Vulnerability from cvelistv5 – Published: 2020-12-31 02:12 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in fileController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:12:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in fileController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9026",
"datePublished": "2020-12-31T02:12:11.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9025 (GCVE-0-2016-9025)
Vulnerability from cvelistv5 – Published: 2020-12-31 02:11 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:11:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9025",
"datePublished": "2020-12-31T02:11:12.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9022 (GCVE-0-2016-9022)
Vulnerability from cvelistv5 – Published: 2020-12-31 02:10 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in usersController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:10:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in usersController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9022",
"datePublished": "2020-12-31T02:10:26.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9021 (GCVE-0-2016-9021)
Vulnerability from cvelistv5 – Published: 2020-12-31 02:09 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in storeController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:09:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in storeController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9021",
"datePublished": "2020-12-31T02:09:27.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8898 (GCVE-0-2016-8898)
Vulnerability from cvelistv5 – Published: 2019-05-24 16:20 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/30/5 | x_refsource_MISC |
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-24T16:20:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2016/09/30/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/5"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8898",
"datePublished": "2019-05-24T16:20:41.000Z",
"dateReserved": "2016-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32441 (GCVE-0-2021-32441)
Vulnerability from nvd – Published: 2023-02-17 00:00 – Updated: 2025-03-19 15:11
VLAI
Summary
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1542"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-32441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T15:10:25.871519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:11:04.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-17T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/exponentcms/exponent-cms/issues/1542"
},
{
"url": "https://github.com/pang0lin/CVEproject/blob/main/ExponentCMS_v2.6.0_sqli.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32441",
"datePublished": "2023-02-17T00:00:00.000Z",
"dateReserved": "2021-05-07T00:00:00.000Z",
"dateUpdated": "2025-03-19T15:11:04.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23049 (GCVE-0-2022-23049)
Vulnerability from nvd – Published: 2022-02-09 22:03 – Updated: 2024-08-03 03:28
VLAI
Summary
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session.
Severity
No CVSS data available.
CWE
- Stored cross-site scripting (XSS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/issues/1546 | x_refsource_MISC |
| https://fluidattacks.com/advisories/cobain/ | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Exponent CMS |
Affected:
v2.6.0patch2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v2.6.0patch2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the \"User-Agent\" header when logging in. When an administrator user visits the \"User Sessions\" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T22:03:59.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exponent CMS",
"version": {
"version_data": [
{
"version_value": "v2.6.0patch2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the \"User-Agent\" header when logging in. When an administrator user visits the \"User Sessions\" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1546",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"name": "https://fluidattacks.com/advisories/cobain/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/cobain/"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23049",
"datePublished": "2022-02-09T22:03:59.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:43.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23048 (GCVE-0-2022-23048)
Vulnerability from nvd – Published: 2022-02-09 22:03 – Updated: 2024-08-03 03:28
VLAI
Summary
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands.
Severity
No CVSS data available.
CWE
- Insecure file upload (RCE)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/issues/1546 | x_refsource_MISC |
| https://fluidattacks.com/advisories/dylan/ | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Exponent CMS |
Affected:
v2.6.0patch2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v2.6.0patch2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at \"themes/simpletheme/{rce}.php\" from where can be accessed in order to execute commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure file upload (RCE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T22:03:58.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exponent CMS",
"version": {
"version_data": [
{
"version_value": "v2.6.0patch2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at \"themes/simpletheme/{rce}.php\" from where can be accessed in order to execute commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure file upload (RCE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1546",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
},
{
"name": "https://fluidattacks.com/advisories/dylan/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/dylan/"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23048",
"datePublished": "2022-02-09T22:03:58.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:43.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23047 (GCVE-0-2022-23047)
Vulnerability from nvd – Published: 2022-02-09 22:03 – Updated: 2024-08-03 03:28
VLAI
Summary
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site"
Severity
No CVSS data available.
CWE
- Stored cross-site scripting (XSS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://fluidattacks.com/advisories/franklin/ | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
| https://github.com/exponentcms/exponent-cms/issues/1546 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Exponent CMS |
Affected:
v2.6.0patch2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exponent CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v2.6.0patch2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the \"Site/Organization Name\",\"Site Title\" and \"Site Header\" parameters while updating the site settings on \"/exponentcms/administration/configure_site\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T22:03:57.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exponent CMS",
"version": {
"version_data": [
{
"version_value": "v2.6.0patch2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the \"Site/Organization Name\",\"Site Title\" and \"Site Header\" parameters while updating the site settings on \"/exponentcms/administration/configure_site\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fluidattacks.com/advisories/franklin/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/franklin/"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/tickets/1459"
},
{
"name": "https://github.com/exponentcms/exponent-cms/issues/1546",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/issues/1546"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23047",
"datePublished": "2022-02-09T22:03:57.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:43.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9023 (GCVE-0-2016-9023)
Vulnerability from nvd – Published: 2020-12-31 02:13 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:13:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9023",
"datePublished": "2020-12-31T02:13:32.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9026 (GCVE-0-2016-9026)
Vulnerability from nvd – Published: 2020-12-31 02:12 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in fileController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:12:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in fileController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9026",
"datePublished": "2020-12-31T02:12:11.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9025 (GCVE-0-2016-9025)
Vulnerability from nvd – Published: 2020-12-31 02:11 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:11:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9025",
"datePublished": "2020-12-31T02:11:12.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9022 (GCVE-0-2016-9022)
Vulnerability from nvd – Published: 2020-12-31 02:10 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in usersController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:10:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in usersController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9022",
"datePublished": "2020-12-31T02:10:26.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9021 (GCVE-0-2016-9021)
Vulnerability from nvd – Published: 2020-12-31 02:09 – Updated: 2024-08-06 02:35
VLAI
Summary
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/exponentcms/exponent-cms/commi… | x_refsource_MISC |
| https://exponentcms.lighthouseapp.com/projects/61… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exponent CMS before 2.6.0 has improper input validation in storeController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T02:09:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS before 2.6.0 has improper input validation in storeController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
},
{
"name": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31",
"refsource": "MISC",
"url": "https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9021",
"datePublished": "2020-12-31T02:09:27.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}