RSS   Vulnerabilities for 'Expressionengine'   RSS

2017-11-17
 
CVE-2017-1000160

CWE-79
 

 
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection

 
2014-11-04
 
CVE-2014-5387

 

 
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top