Ellislab Expressionengine vulnerabilities
2 known vulnerabilities affecting ellislab/expressionengine.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2017-0897 | P3 | HIGH | CVSS 7.5 | Versions before 2.11.8 and 3.5.5 | 2017-06-22
CVE-2017-0897 [HIGH] CWE-330
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.
Source: NVD
CVE-2014-5387 | P3 | MEDIUM | CVSS 6.5 | v2..5.4, v2.0.0, +8 more | 2014-11-04
CVE-2014-5387 [MEDIUM] CWE-89
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.
Source: NVD