dleffler

36 exploits Active since Nov 2016
CVE-2016-9242 WRITEUP HIGH WRITEUP
Exponent CMS 2.4.0 - Authenticated SQL Injection via Content Type or Subtype Parameter
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.
CVSS 8.8
CVE-2016-9272 WRITEUP CRITICAL WRITEUP
Exponent CMS <2.4.0 - SQL Injection
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
CVSS 9.1
CVE-2016-9282 WRITEUP HIGH WRITEUP
Exponent CMS <2.4.0 - SQL Injection
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.
CVSS 7.5
CVE-2016-9283 WRITEUP HIGH WRITEUP
Exponent CMS <2.4.0 - SQL Injection
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.
CVSS 7.5
CVE-2016-9284 WRITEUP MEDIUM WRITEUP
Exponent CMS v2.4.0 - Info Disclosure
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.
CVSS 5.3
CVE-2016-9285 WRITEUP MEDIUM WRITEUP
Exponent CMS <2.4.0 - Info Disclosure
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.
CVSS 5.3
CVE-2016-9286 WRITEUP MEDIUM WRITEUP
Exponent CMS <v2.4.0patch1 - Info Disclosure
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.
CVSS 5.3
CVE-2016-9287 WRITEUP CRITICAL WRITEUP
Exponent CMS 2.4.0 patch1 - SQL Injection
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.
CVSS 9.8
CVE-2016-9288 WRITEUP CRITICAL WRITEUP
Exponent CMS <2.4.0 - SQL Injection
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.
CVSS 9.8
CVE-2017-7991 WRITEUP CRITICAL WRITEUP
Exponent CMS < 2.4.1 - SQL Injection via Base64 Serialized API Key
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
CVSS 9.8
CVE-2017-8085 WRITEUP MEDIUM WRITEUP
Exponent CMS < 2.4.1 Patch #5 - Cross-Site Scripting in elFinder
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
CVSS 6.1