dleffler

34 exploits, active since Nov 2016
CVE-2016-7452 WRITEUP HIGH
Exponent CMS < 2.3.9 - Unrestricted File Upload
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
CVSS 7.5
CVE-2016-7453 WRITEUP CRITICAL
Exponent CMS < 2.3.9 - SQL Injection
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
CVSS 9.8
CVE-2016-7565 WRITEUP CRITICAL
Exponent CMS - Improper Access Control
install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter.
CVSS 9.8
CVE-2016-7780 WRITEUP CRITICAL
Exponent CMS < 2.3.9 - SQL Injection
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
CVSS 9.8
CVE-2016-7781 WRITEUP CRITICAL
Exponent CMS < 2.3.9 - SQL Injection
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter.
CVSS 9.8
CVE-2016-7784 WRITEUP CRITICAL
Exponent CMS < 2.3.9 - SQL Injection
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
CVSS 9.8
CVE-2016-7788 WRITEUP CRITICAL
Exponent CMS < 2.3.9 - SQL Injection
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVSS 9.8
CVE-2016-8897 WRITEUP CRITICAL
Exponent CMS <2.3.9 - SQL Injection
Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/help/controllers/helpController.php.
CVSS 9.8
CVE-2016-8898 WRITEUP CRITICAL
Exponent CMS <2.3.9 - SQL Injection
Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
CVSS 9.8
CVE-2016-8899 WRITEUP CRITICAL
Exponent CMS <2.3.9 - Code Injection
Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
CVSS 9.8
CVE-2016-8900 WRITEUP CRITICAL
Exponent CMS <2.3.9 - Code Injection
Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
CVSS 9.8
CVE-2016-9020 WRITEUP CRITICAL
Exponent CMS <2.3.9 - SQL Injection
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
CVSS 9.8
CVE-2016-9021 WRITEUP CRITICAL
Exponent CMS <2.6.0 - Info Disclosure
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
CVSS 9.8
CVE-2016-9022 WRITEUP CRITICAL
Exponent CMS <2.6.0 - Info Disclosure
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
CVSS 9.8
CVE-2016-9023 WRITEUP CRITICAL
Exponent CMS <2.6.0 - Info Disclosure
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
CVSS 9.8
CVE-2016-9025 WRITEUP CRITICAL
Exponent CMS <2.6.0 - Info Disclosure
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
CVSS 9.8
CVE-2016-9026 WRITEUP CRITICAL
Exponent CMS <2.6.0 - Info Disclosure
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
CVSS 9.8
CVE-2016-9087 WRITEUP CRITICAL
Exponent CMS <2.3.9 - SQL Injection
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.
CVSS 9.8
CVE-2016-9134 WRITEUP HIGH
Exponent CMS 2.3.9 - SQL Injection
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure.
CVSS 7.5
CVE-2016-9135 WRITEUP HIGH
Exponent CMS 2.3.9 - SQL Injection
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.
CVSS 7.5
CVE-2016-9182 WRITEUP HIGH
Exponent CMS 2.4 - Info Disclosure
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controller=expHTMLEditor&action=preview&editor=ckeditor and controller=expHTMLEditor&action=Preview&editor=ckeditor. An anonymous user will be rejected for the former but can access the latter.
CVSS 7.5
CVE-2016-9183 WRITEUP HIGH
Exponent CMS 2.4.0 - Info Disclosure
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sanitizes user input if there is an odd number of ' or " characters. Impact is Information Disclosure.
CVSS 7.5
CVE-2016-9184 WRITEUP HIGH
Exponent CMS 2.4.0 - SQL Injection
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.
CVSS 7.5
CVE-2016-9242 WRITEUP HIGH
Exponent CMS 2.4.0 - SQL Injection
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.
CVSS 8.8
CVE-2016-9272 WRITEUP CRITICAL
Exponent CMS <2.4.0 - SQL Injection
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
CVSS 9.1