https://github.com|exponentcms/exponent-cms vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the https://github.com|exponentcms/exponent-cms package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H SQL Injection	[,2.7.0)
C SQL Injection	[,2.4.0)
C SQL Injection	[,2.3.9]
H Information Exposure	[,2.3.9]
C Arbitrary Code Injection	[,2.3.9]
C SQL Injection	[,2.4.0)
M Cross-site Scripting (XSS)	[,2.2.0)
C SQL Injection	[,2.4.0)
C SQL Injection	[,2.4.1]
H Improper Access Control	[,2.4.0]
M Information Exposure	[,2.4.0]
H Information Exposure	[,2.4.0]
H Access Restriction Bypass	[,2.4.2)
C Arbitrary File Upload	[2.3.0,2.4.0)
C SQL Injection	[,2.4.0)
C Arbitrary Code Injection	[,2.3.9]
M Cross-site Scripting (XSS)	[,2.3.0]
C SQL Injection	[,2.4.0)
C SQL Injection	[,2.4.0]
M Information Exposure	[,2.4.0]
C Improper Input Validation	[,2.6.0)
C SQL Injection	[,2.4.1)
C Arbitrary File Upload	[,2.3.9)
C SQL Injection	[,2.4.0)
C SQL Injection	[,2.4.0)
C Improper Input Validation	[,2.6.0)
C SQL Injection	[,2.4.0)
M Cross-site Scripting (XSS)	[,2.3.2]
C SQL Injection	[,2.3.9]
C Improper Input Validation	[,2.6.0)
H SQL Injection	[,2.4.0]
C SQL Injection	[,2.4.0)
M Cross-site Scripting (XSS)	[,2.3.6)
H Information Exposure	[,2.3.9]
C Improper Input Validation	[,2.3.9]
H Directory Traversal	[,2.2.1)
C Improper Input Validation	[,2.6.0)
C Improper Input Validation	[,2.3.9]
C SQL Injection	[,2.4.0)
C SQL Injection	[,2.4.0)
H SQL Injection	[,2.2.1)
C SQL Injection	[,2.4.0)
M Cross-site Scripting (XSS)	[,2.3.6)
C Improper Input Validation	[,2.6.0)
M Information Exposure	[,2.4.0]
C SQL Injection	[,2.4.1)
H Information Exposure	[,2.4.0]
H SQL Injection	[,2.4.0]
C Improper Access Control	[,2.3.9]
C SQL Injection	[,2.4.2)
H Arbitrary File Upload	[,2.4.0)
H SQL Injection	[,2.4.0]
C Remote Code Execution (RCE)	[,2.3.7)

Vulnerability

Vulnerable Version

[,2.7.0)

[,2.4.0)

[,2.3.9]

[,2.3.9]

Arbitrary Code Injection

[,2.3.9]