Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27230 | 1 Expressionengine | 1 Expressionengine | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory. | |||||
| CVE-2020-8242 | 1 Expressionengine | 1 Expressionengine | 2022-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack. | |||||
| CVE-2020-13443 | 1 Expressionengine | 1 Expressionengine | 2020-07-02 | 6.5 MEDIUM | 8.8 HIGH |
| ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least). | |||||
| CVE-2017-0897 | 1 Expressionengine | 1 Expressionengine | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution. | |||||