Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
30 vulnerabilities found for expressionengine by expressionengine
CVE-2025-59473 (GCVE-0-2025-59473)
Vulnerability from nvd – Published: 2026-01-26 21:43 – Updated: 2026-01-27 15:08
VLAI?
Summary
SQL Injection vulnerability in the Structure for Admin authenticated user
Severity ?
6 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ExpressionEngine | ExpressionEngine |
Unaffected:
7.* , < 7.5.14
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T15:07:01.049488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T15:08:40.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ExpressionEngine",
"vendor": "ExpressionEngine",
"versions": [
{
"lessThan": "7.5.14",
"status": "unaffected",
"version": "7.*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in the Structure for Admin authenticated user"
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:43:05.071Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3249794"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-59473",
"datePublished": "2026-01-26T21:43:05.071Z",
"dateReserved": "2025-09-16T15:00:07.876Z",
"dateUpdated": "2026-01-27T15:08:40.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38454 (GCVE-0-2024-38454)
Vulnerability from nvd – Published: 2024-06-16 00:00 – Updated: 2025-03-17 14:07
VLAI?
Summary
ExpressionEngine before 7.4.11 allows XSS.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T20:40:29.515058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T14:07:46.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:24.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ExpressionEngine/ExpressionEngine/pull/4279"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/7.4.10...7.4.11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ExpressionEngine before 7.4.11 allows XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-16T14:24:40.863Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ExpressionEngine/ExpressionEngine/pull/4279"
},
{
"url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/7.4.10...7.4.11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38454",
"datePublished": "2024-06-16T00:00:00.000Z",
"dateReserved": "2024-06-16T00:00:00.000Z",
"dateUpdated": "2025-03-17T14:07:46.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44534 (GCVE-0-2021-44534)
Vulnerability from nvd – Published: 2024-05-31 17:40 – Updated: 2024-08-04 04:25
VLAI?
Summary
Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure.
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ExpressionEngine | ExpressionEngine |
Affected:
6.0.3 , < 6.0.3
(semver)
Unaffected: 6.0.0 , < 6.0.0 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:expressionengine:expressionengine:6.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "expressionengine",
"vendor": "expressionengine",
"versions": [
{
"status": "affected",
"version": "6.0.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:expressionengine:expressionengine:6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "expressionengine",
"vendor": "expressionengine",
"versions": [
{
"status": "unaffected",
"version": "6.0.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-44534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T15:25:34.277497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:15:27.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1096043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ExpressionEngine",
"vendor": "ExpressionEngine",
"versions": [
{
"lessThan": "6.0.3",
"status": "affected",
"version": "6.0.3",
"versionType": "semver"
},
{
"lessThan": "6.0.0",
"status": "unaffected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure.\r\n"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T17:40:31.559Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1096043"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-44534",
"datePublished": "2024-05-31T17:40:31.559Z",
"dateReserved": "2021-12-02T23:52:53.969Z",
"dateUpdated": "2024-08-04T04:25:16.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22953 (GCVE-0-2023-22953)
Vulnerability from nvd – Published: 2023-02-09 00:00 – Updated: 2024-08-02 10:20
VLAI?
Summary
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1820492"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.expressionengine.com/latest/installation/changelog.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/ahmedsherif/7b8f18a54a80ae0ac5ff6307c35b7d43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-03T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://hackerone.com/reports/1820492"
},
{
"url": "https://docs.expressionengine.com/latest/installation/changelog.html"
},
{
"url": "https://gist.github.com/ahmedsherif/7b8f18a54a80ae0ac5ff6307c35b7d43"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-22953",
"datePublished": "2023-02-09T00:00:00.000Z",
"dateReserved": "2023-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-02T10:20:31.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8242 (GCVE-0-2020-8242)
Vulnerability from nvd – Published: 2022-02-18 17:50 – Updated: 2024-08-04 09:56
VLAI?
Summary
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection (CWE-89)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ExpressionEngine |
Affected:
<= 5.4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/968240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ExpressionEngine",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003c= 5.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unsanitized user input in ExpressionEngine \u003c= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection (CWE-89)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:57.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/968240"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ExpressionEngine",
"version": {
"version_data": [
{
"version_value": "\u003c= 5.4.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unsanitized user input in ExpressionEngine \u003c= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection (CWE-89)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/968240",
"refsource": "MISC",
"url": "https://hackerone.com/reports/968240"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8242",
"datePublished": "2022-02-18T17:50:57.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:27.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33199 (GCVE-0-2021-33199)
Vulnerability from nvd – Published: 2021-08-12 20:46 – Updated: 2024-08-03 23:42
VLAI?
Summary
In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input-\u003eget(\u0027file\u0027) instead of the fixed file names of icon.png and icon.svg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-12T20:46:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input-\u003eget(\u0027file\u0027) instead of the fixed file names of icon.png and icon.svg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3",
"refsource": "MISC",
"url": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3"
},
{
"name": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508",
"refsource": "MISC",
"url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33199",
"datePublished": "2021-08-12T20:46:06.000Z",
"dateReserved": "2021-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:42:20.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27230 (GCVE-0-2021-27230)
Vulnerability from nvd – Published: 2021-03-15 22:52 – Updated: 2024-08-03 20:48
VLAI?
Summary
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:15.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1093444"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://expressionengine.com/features"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Mar/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://karmainsecurity.com/KIS-2021-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-15T23:06:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1093444"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://expressionengine.com/features"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Mar/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://karmainsecurity.com/KIS-2021-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1093444",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1093444"
},
{
"name": "https://expressionengine.com/features",
"refsource": "MISC",
"url": "https://expressionengine.com/features"
},
{
"name": "http://seclists.org/fulldisclosure/2021/Mar/32",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/Mar/32"
},
{
"name": "http://karmainsecurity.com/KIS-2021-03",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2021-03"
},
{
"name": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27230",
"datePublished": "2021-03-15T22:52:42.000Z",
"dateReserved": "2021-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:48:15.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13443 (GCVE-0-2020-13443)
Vulnerability from nvd – Published: 2020-06-24 14:34 – Updated: 2024-08-04 12:18
VLAI?
Summary
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:18.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://expressionengine.com/blog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-24T14:34:44.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://expressionengine.com/blog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://expressionengine.com/blog",
"refsource": "MISC",
"url": "https://expressionengine.com/blog"
},
{
"name": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09",
"refsource": "MISC",
"url": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13443",
"datePublished": "2020-06-24T14:34:44.000Z",
"dateReserved": "2020-05-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:18:18.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17874 (GCVE-0-2018-17874)
Vulnerability from nvd – Published: 2018-10-01 23:00 – Updated: 2024-08-05 11:01
VLAI?
Summary
ExpressionEngine before 4.3.5 has reflected XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:13.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ExpressionEngine before 4.3.5 has reflected XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-01T23:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ExpressionEngine before 4.3.5 has reflected XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5",
"refsource": "CONFIRM",
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17874",
"datePublished": "2018-10-01T23:00:00.000Z",
"dateReserved": "2018-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:13.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000160 (GCVE-0-2017-1000160)
Vulnerability from nvd – Published: 2017-11-17 05:00 – Updated: 2024-09-17 01:26
VLAI?
Summary
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:07.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-08-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-17T05:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.372590",
"ID": "CVE-2017-1000160",
"REQUESTER": "hbuchwald@ripstech.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3",
"refsource": "MISC",
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000160",
"datePublished": "2017-11-17T05:00:00.000Z",
"dateReserved": "2017-11-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:26:26.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0897 (GCVE-0-2017-0897)
Vulnerability from nvd – Published: 2017-06-22 21:00 – Updated: 2024-08-05 13:25
VLAI?
Summary
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.
Severity ?
No CVSS data available.
CWE
- CWE-330 - Use of Insufficiently Random Values (CWE-330)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EllisLab | ExpressionEngine |
Affected:
Versions before 2.11.8 and 3.5.5
|
Date Public ?
2017-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:16.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99242",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99242"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/215890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ExpressionEngine",
"vendor": "EllisLab",
"versions": [
{
"status": "affected",
"version": "Versions before 2.11.8 and 3.5.5"
}
]
}
],
"datePublic": "2017-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ExpressionEngine version 2.x \u003c 2.11.8 and version 3.x \u003c 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "Use of Insufficiently Random Values (CWE-330)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-26T09:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "99242",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99242"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/215890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2017-0897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ExpressionEngine",
"version": {
"version_data": [
{
"version_value": "Versions before 2.11.8 and 3.5.5"
}
]
}
}
]
},
"vendor_name": "EllisLab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ExpressionEngine version 2.x \u003c 2.11.8 and version 3.x \u003c 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Insufficiently Random Values (CWE-330)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99242"
},
{
"name": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8",
"refsource": "CONFIRM",
"url": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8"
},
{
"name": "https://hackerone.com/reports/215890",
"refsource": "MISC",
"url": "https://hackerone.com/reports/215890"
},
{
"name": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5",
"refsource": "CONFIRM",
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5"
},
{
"name": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released",
"refsource": "CONFIRM",
"url": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0897",
"datePublished": "2017-06-22T21:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:25:16.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5387 (GCVE-0-2014-5387)
Vulnerability from nvd – Published: 2014-11-04 15:00 – Updated: 2024-08-06 11:41
VLAI?
Summary
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2014-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.749Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ellislab.com/expressionengine/user-guide/about/changelog.html"
},
{
"name": "70875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70875"
},
{
"name": "20141103 CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-29T18:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ellislab.com/expressionengine/user-guide/about/changelog.html"
},
{
"name": "70875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70875"
},
{
"name": "20141103 CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html"
},
{
"name": "https://ellislab.com/expressionengine/user-guide/about/changelog.html",
"refsource": "MISC",
"url": "https://ellislab.com/expressionengine/user-guide/about/changelog.html"
},
{
"name": "70875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70875"
},
{
"name": "20141103 CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/2"
},
{
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387",
"refsource": "MISC",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5387",
"datePublished": "2014-11-04T15:00:00.000Z",
"dateReserved": "2014-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:48.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1070 (GCVE-0-2009-1070)
Vulnerability from nvd – Published: 2009-03-24 19:00 – Updated: 2024-08-07 04:57
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2009-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/"
},
{
"name": "20090322 ExpressionEngine Persistent Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502045/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://expressionengine.com/docs/changelog.html#v167"
},
{
"name": "34379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34379"
},
{
"name": "expressionengine-avatar-xss(49359)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49359"
},
{
"name": "34193",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34193"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/"
},
{
"name": "20090322 ExpressionEngine Persistent Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502045/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://expressionengine.com/docs/changelog.html#v167"
},
{
"name": "34379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34379"
},
{
"name": "expressionengine-avatar-xss(49359)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49359"
},
{
"name": "34193",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34193"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/",
"refsource": "MISC",
"url": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/"
},
{
"name": "20090322 ExpressionEngine Persistent Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502045/100/0/threaded"
},
{
"name": "http://expressionengine.com/docs/changelog.html#v167",
"refsource": "CONFIRM",
"url": "http://expressionengine.com/docs/changelog.html#v167"
},
{
"name": "34379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34379"
},
{
"name": "expressionengine-avatar-xss(49359)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49359"
},
{
"name": "34193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34193"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1070",
"datePublished": "2009-03-24T19:00:00.000Z",
"dateReserved": "2009-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:57:17.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0202 (GCVE-0-2008-0202)
Vulnerability from nvd – Published: 2008-01-10 00:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-01-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27128"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/1454/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/Sdocument472.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name": "3539",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27128"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/1454/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/Sdocument472.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name": "3539",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27128"
},
{
"name": "http://websecurity.com.ua/1454/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/1454/"
},
{
"name": "http://securityvulns.ru/Sdocument472.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Sdocument472.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name": "3539",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0202",
"datePublished": "2008-01-10T00:00:00.000Z",
"dateReserved": "2008-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:39:34.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0201 (GCVE-0-2008-0201)
Vulnerability from nvd – Published: 2008-01-10 00:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2008-01-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27128"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/1454/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/Sdocument472.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name": "3539",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3539"
},
{
"name": "expressionengine-index-xss(39442)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27128"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/1454/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/Sdocument472.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name": "3539",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3539"
},
{
"name": "expressionengine-index-xss(39442)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27128"
},
{
"name": "http://websecurity.com.ua/1454/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/1454/"
},
{
"name": "http://securityvulns.ru/Sdocument472.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Sdocument472.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name": "3539",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3539"
},
{
"name": "expressionengine-index-xss(39442)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0201",
"datePublished": "2008-01-10T00:00:00.000Z",
"dateReserved": "2008-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:39:34.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59473 (GCVE-0-2025-59473)
Vulnerability from cvelistv5 – Published: 2026-01-26 21:43 – Updated: 2026-01-27 15:08
VLAI?
Summary
SQL Injection vulnerability in the Structure for Admin authenticated user
Severity ?
6 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ExpressionEngine | ExpressionEngine |
Unaffected:
7.* , < 7.5.14
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T15:07:01.049488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T15:08:40.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ExpressionEngine",
"vendor": "ExpressionEngine",
"versions": [
{
"lessThan": "7.5.14",
"status": "unaffected",
"version": "7.*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in the Structure for Admin authenticated user"
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:43:05.071Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3249794"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-59473",
"datePublished": "2026-01-26T21:43:05.071Z",
"dateReserved": "2025-09-16T15:00:07.876Z",
"dateUpdated": "2026-01-27T15:08:40.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38454 (GCVE-0-2024-38454)
Vulnerability from cvelistv5 – Published: 2024-06-16 00:00 – Updated: 2025-03-17 14:07
VLAI?
Summary
ExpressionEngine before 7.4.11 allows XSS.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T20:40:29.515058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T14:07:46.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:24.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ExpressionEngine/ExpressionEngine/pull/4279"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/7.4.10...7.4.11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ExpressionEngine before 7.4.11 allows XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-16T14:24:40.863Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ExpressionEngine/ExpressionEngine/pull/4279"
},
{
"url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/7.4.10...7.4.11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38454",
"datePublished": "2024-06-16T00:00:00.000Z",
"dateReserved": "2024-06-16T00:00:00.000Z",
"dateUpdated": "2025-03-17T14:07:46.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44534 (GCVE-0-2021-44534)
Vulnerability from cvelistv5 – Published: 2024-05-31 17:40 – Updated: 2024-08-04 04:25
VLAI?
Summary
Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure.
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ExpressionEngine | ExpressionEngine |
Affected:
6.0.3 , < 6.0.3
(semver)
Unaffected: 6.0.0 , < 6.0.0 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:expressionengine:expressionengine:6.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "expressionengine",
"vendor": "expressionengine",
"versions": [
{
"status": "affected",
"version": "6.0.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:expressionengine:expressionengine:6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "expressionengine",
"vendor": "expressionengine",
"versions": [
{
"status": "unaffected",
"version": "6.0.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-44534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T15:25:34.277497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:15:27.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1096043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ExpressionEngine",
"vendor": "ExpressionEngine",
"versions": [
{
"lessThan": "6.0.3",
"status": "affected",
"version": "6.0.3",
"versionType": "semver"
},
{
"lessThan": "6.0.0",
"status": "unaffected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure.\r\n"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T17:40:31.559Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1096043"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-44534",
"datePublished": "2024-05-31T17:40:31.559Z",
"dateReserved": "2021-12-02T23:52:53.969Z",
"dateUpdated": "2024-08-04T04:25:16.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22953 (GCVE-0-2023-22953)
Vulnerability from cvelistv5 – Published: 2023-02-09 00:00 – Updated: 2024-08-02 10:20
VLAI?
Summary
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1820492"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.expressionengine.com/latest/installation/changelog.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/ahmedsherif/7b8f18a54a80ae0ac5ff6307c35b7d43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-03T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://hackerone.com/reports/1820492"
},
{
"url": "https://docs.expressionengine.com/latest/installation/changelog.html"
},
{
"url": "https://gist.github.com/ahmedsherif/7b8f18a54a80ae0ac5ff6307c35b7d43"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-22953",
"datePublished": "2023-02-09T00:00:00.000Z",
"dateReserved": "2023-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-02T10:20:31.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8242 (GCVE-0-2020-8242)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2024-08-04 09:56
VLAI?
Summary
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection (CWE-89)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ExpressionEngine |
Affected:
<= 5.4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/968240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ExpressionEngine",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003c= 5.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unsanitized user input in ExpressionEngine \u003c= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection (CWE-89)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:57.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/968240"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ExpressionEngine",
"version": {
"version_data": [
{
"version_value": "\u003c= 5.4.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unsanitized user input in ExpressionEngine \u003c= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection (CWE-89)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/968240",
"refsource": "MISC",
"url": "https://hackerone.com/reports/968240"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8242",
"datePublished": "2022-02-18T17:50:57.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:27.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33199 (GCVE-0-2021-33199)
Vulnerability from cvelistv5 – Published: 2021-08-12 20:46 – Updated: 2024-08-03 23:42
VLAI?
Summary
In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input-\u003eget(\u0027file\u0027) instead of the fixed file names of icon.png and icon.svg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-12T20:46:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input-\u003eget(\u0027file\u0027) instead of the fixed file names of icon.png and icon.svg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3",
"refsource": "MISC",
"url": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3"
},
{
"name": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508",
"refsource": "MISC",
"url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33199",
"datePublished": "2021-08-12T20:46:06.000Z",
"dateReserved": "2021-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:42:20.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27230 (GCVE-0-2021-27230)
Vulnerability from cvelistv5 – Published: 2021-03-15 22:52 – Updated: 2024-08-03 20:48
VLAI?
Summary
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:15.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1093444"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://expressionengine.com/features"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Mar/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://karmainsecurity.com/KIS-2021-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-15T23:06:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1093444"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://expressionengine.com/features"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Mar/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://karmainsecurity.com/KIS-2021-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1093444",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1093444"
},
{
"name": "https://expressionengine.com/features",
"refsource": "MISC",
"url": "https://expressionengine.com/features"
},
{
"name": "http://seclists.org/fulldisclosure/2021/Mar/32",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/Mar/32"
},
{
"name": "http://karmainsecurity.com/KIS-2021-03",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2021-03"
},
{
"name": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27230",
"datePublished": "2021-03-15T22:52:42.000Z",
"dateReserved": "2021-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:48:15.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13443 (GCVE-0-2020-13443)
Vulnerability from cvelistv5 – Published: 2020-06-24 14:34 – Updated: 2024-08-04 12:18
VLAI?
Summary
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:18.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://expressionengine.com/blog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-24T14:34:44.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://expressionengine.com/blog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://expressionengine.com/blog",
"refsource": "MISC",
"url": "https://expressionengine.com/blog"
},
{
"name": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09",
"refsource": "MISC",
"url": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13443",
"datePublished": "2020-06-24T14:34:44.000Z",
"dateReserved": "2020-05-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:18:18.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17874 (GCVE-0-2018-17874)
Vulnerability from cvelistv5 – Published: 2018-10-01 23:00 – Updated: 2024-08-05 11:01
VLAI?
Summary
ExpressionEngine before 4.3.5 has reflected XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:13.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ExpressionEngine before 4.3.5 has reflected XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-01T23:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ExpressionEngine before 4.3.5 has reflected XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5",
"refsource": "CONFIRM",
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17874",
"datePublished": "2018-10-01T23:00:00.000Z",
"dateReserved": "2018-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:13.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000160 (GCVE-0-2017-1000160)
Vulnerability from cvelistv5 – Published: 2017-11-17 05:00 – Updated: 2024-09-17 01:26
VLAI?
Summary
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:07.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-08-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-17T05:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.372590",
"ID": "CVE-2017-1000160",
"REQUESTER": "hbuchwald@ripstech.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3",
"refsource": "MISC",
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000160",
"datePublished": "2017-11-17T05:00:00.000Z",
"dateReserved": "2017-11-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:26:26.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0897 (GCVE-0-2017-0897)
Vulnerability from cvelistv5 – Published: 2017-06-22 21:00 – Updated: 2024-08-05 13:25
VLAI?
Summary
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.
Severity ?
No CVSS data available.
CWE
- CWE-330 - Use of Insufficiently Random Values (CWE-330)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EllisLab | ExpressionEngine |
Affected:
Versions before 2.11.8 and 3.5.5
|
Date Public ?
2017-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:16.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99242",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99242"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/215890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ExpressionEngine",
"vendor": "EllisLab",
"versions": [
{
"status": "affected",
"version": "Versions before 2.11.8 and 3.5.5"
}
]
}
],
"datePublic": "2017-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ExpressionEngine version 2.x \u003c 2.11.8 and version 3.x \u003c 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "Use of Insufficiently Random Values (CWE-330)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-26T09:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "99242",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99242"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/215890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2017-0897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ExpressionEngine",
"version": {
"version_data": [
{
"version_value": "Versions before 2.11.8 and 3.5.5"
}
]
}
}
]
},
"vendor_name": "EllisLab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ExpressionEngine version 2.x \u003c 2.11.8 and version 3.x \u003c 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Insufficiently Random Values (CWE-330)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99242"
},
{
"name": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8",
"refsource": "CONFIRM",
"url": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8"
},
{
"name": "https://hackerone.com/reports/215890",
"refsource": "MISC",
"url": "https://hackerone.com/reports/215890"
},
{
"name": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5",
"refsource": "CONFIRM",
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5"
},
{
"name": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released",
"refsource": "CONFIRM",
"url": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0897",
"datePublished": "2017-06-22T21:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:25:16.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5387 (GCVE-0-2014-5387)
Vulnerability from cvelistv5 – Published: 2014-11-04 15:00 – Updated: 2024-08-06 11:41
VLAI?
Summary
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2014-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.749Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ellislab.com/expressionengine/user-guide/about/changelog.html"
},
{
"name": "70875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70875"
},
{
"name": "20141103 CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-29T18:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ellislab.com/expressionengine/user-guide/about/changelog.html"
},
{
"name": "70875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70875"
},
{
"name": "20141103 CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html"
},
{
"name": "https://ellislab.com/expressionengine/user-guide/about/changelog.html",
"refsource": "MISC",
"url": "https://ellislab.com/expressionengine/user-guide/about/changelog.html"
},
{
"name": "70875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70875"
},
{
"name": "20141103 CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/2"
},
{
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387",
"refsource": "MISC",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5387",
"datePublished": "2014-11-04T15:00:00.000Z",
"dateReserved": "2014-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:48.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1070 (GCVE-0-2009-1070)
Vulnerability from cvelistv5 – Published: 2009-03-24 19:00 – Updated: 2024-08-07 04:57
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2009-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/"
},
{
"name": "20090322 ExpressionEngine Persistent Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502045/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://expressionengine.com/docs/changelog.html#v167"
},
{
"name": "34379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34379"
},
{
"name": "expressionengine-avatar-xss(49359)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49359"
},
{
"name": "34193",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34193"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/"
},
{
"name": "20090322 ExpressionEngine Persistent Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502045/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://expressionengine.com/docs/changelog.html#v167"
},
{
"name": "34379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34379"
},
{
"name": "expressionengine-avatar-xss(49359)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49359"
},
{
"name": "34193",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34193"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/",
"refsource": "MISC",
"url": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/"
},
{
"name": "20090322 ExpressionEngine Persistent Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502045/100/0/threaded"
},
{
"name": "http://expressionengine.com/docs/changelog.html#v167",
"refsource": "CONFIRM",
"url": "http://expressionengine.com/docs/changelog.html#v167"
},
{
"name": "34379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34379"
},
{
"name": "expressionengine-avatar-xss(49359)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49359"
},
{
"name": "34193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34193"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1070",
"datePublished": "2009-03-24T19:00:00.000Z",
"dateReserved": "2009-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:57:17.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0202 (GCVE-0-2008-0202)
Vulnerability from cvelistv5 – Published: 2008-01-10 00:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-01-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27128"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/1454/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/Sdocument472.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name": "3539",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27128"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/1454/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/Sdocument472.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name": "3539",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27128"
},
{
"name": "http://websecurity.com.ua/1454/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/1454/"
},
{
"name": "http://securityvulns.ru/Sdocument472.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Sdocument472.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name": "3539",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0202",
"datePublished": "2008-01-10T00:00:00.000Z",
"dateReserved": "2008-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:39:34.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0201 (GCVE-0-2008-0201)
Vulnerability from cvelistv5 – Published: 2008-01-10 00:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2008-01-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27128"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/1454/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/Sdocument472.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name": "3539",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3539"
},
{
"name": "expressionengine-index-xss(39442)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27128"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/1454/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/Sdocument472.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name": "3539",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3539"
},
{
"name": "expressionengine-index-xss(39442)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27128"
},
{
"name": "http://websecurity.com.ua/1454/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/1454/"
},
{
"name": "http://securityvulns.ru/Sdocument472.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Sdocument472.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name": "3539",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3539"
},
{
"name": "expressionengine-index-xss(39442)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0201",
"datePublished": "2008-01-10T00:00:00.000Z",
"dateReserved": "2008-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:39:34.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}