Vulnerabilities related to expressionengine - expressionengine
Vulnerability from fkie_nvd
Published
2017-06-22 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
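ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution. Note that the NVD CVSS 3.0 vector in the record below (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, base score 7.5) rates only confidentiality impact, so the score may understate the remote code execution outcome described here; the fixed releases are 2.11.8 and 3.5.5.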
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.0.0:public_beta:*:*:*:*:*:*", "matchCriteriaId": "574513F3-4138-4497-AB7B-48C3D0E57D04", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.0.1:public_beta:*:*:*:*:*:*", "matchCriteriaId": "63A66777-08EF-4CB3-B132-2380632A472B", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.0.2:public_beta:*:*:*:*:*:*", "matchCriteriaId": "27FC3CCC-B29C-43BF-B75F-E209F438512A", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B61035E8-E776-455D-A87E-D89C635EF612", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B084EE1-049A-45E7-9DAA-78A67A08ED2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7D9D6C6-E1BE-4AED-BD5A-251E62E02355", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "BB81D8E5-F981-4BA7-ABF3-529E7155EED1", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "34003923-392F-4D6E-91FA-7CEF9CF47933", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "446AC2B4-DA7A-4982-B383-DF2B0E2FA95C", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D9C7196D-190B-4180-AACC-141A13D51DD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BFAA28E-F9C1-4246-B218-C51A5493C56B", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"4E743D80-E5D3-4CB8-9412-99B2A55CD52D", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DC16511-FDA2-4F85-BB37-557165629592", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8472C055-5A50-44A8-ACF7-F9775D2C0E5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A730EF01-BB6D-4163-BCF8-7267798857E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "63CA981E-DE29-48B2-8B78-EAF2F6DE6990", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE7BC9ED-18C4-43D1-88DF-9D41ECB20A69", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "64EA0BBC-4D35-4E83-9FEA-80834C5823EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "3530A171-A49E-45A3-8DE6-562B657B968C", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "DB735CF0-13A5-43C2-8E27-6AD7C612629F", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "1337527F-B9F4-4E62-A06D-8F954965F740", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C826EC11-0541-415F-ABA7-457D3DF67685", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BD213AF-F832-49BE-9FB5-6B35D16CA066", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3BC6E0BC-DA5D-4828-96A2-1029AD0CB853", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "43538A4E-7E4A-44A0-A4D1-F1B0CBDDCEAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "8079BBD2-1F9A-45F2-AFF3-78D7BA82EA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "7AA7430A-0A6A-4B30-BD0D-E88E4C2914F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFED8674-66D2-404F-9676-71861D85103D", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A26FE9DF-E047-4172-8E27-58D5316B4E31", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "42792D9B-279D-4837-868B-1D5E30A2D4E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "92D29266-0857-4D5C-AFDC-4CCF97B21BD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDCCB8A0-DD87-43A4-B1D5-440DF3D537FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "4B4DBC0F-9CCC-4F99-B8DA-EAB86B3EDF0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6254A4-5B1A-4777-945A-6AD79643F2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC6F5DAE-DFBF-4CD3-ABB0-E3A9290BC2AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "48EF1AF2-4788-467E-8AE6-5213CFB1681A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:expressionengine:expressionengine:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "62810DE1-6661-4A7F-9D38-B96913DA037C", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "8355D00D-A208-4C96-8884-3C13A398084A", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "E51900BA-81FC-4684-8987-E4A6D5FBE789", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC26F1D3-C01F-468D-8029-AB57DF72AE41", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "7E435507-BD37-4BC1-9820-EAB1BA6278B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "053B1570-9C28-4322-ABCE-8F68AF94EEE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "EF7398CE-139E-458F-9255-6E720E36BC53", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "EF7C8F8E-1FCC-42D6-9606-316DA108852B", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "E08A1FC2-2AC1-4478-9C3A-58F150667854", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "57982775-D296-4735-8AB3-101AA71C7AA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F5C58D0-CF8F-409F-BCCF-FCE1F181D512", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B74CDD8C-C74E-433B-A02B-AF1F8735CB2C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:expressionengine:expressionengine:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A19751E-2ADC-4E2E-B1E8-CBF19C2A0C8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C429A5AE-EC2F-4BE9-BA06-3CD7A6BA13D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "F8C08C5B-F74F-4DD5-BD45-CE365233C71C", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "517797EA-F496-44BF-8264-3621A2EC0719", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C044A1DF-EEF6-40D9-94DC-08A5DC8BD27D", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FB2057A-E6E7-401D-98AD-407C0A106A0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F75E0EFB-BCAC-4D7D-B5CC-8E7B190AF5DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F7F0A185-89EF-4FA7-9A14-A3C477AD5DAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB9D52C6-8BE3-428C-812D-6C491D0DEA65", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "76632461-BEBE-490D-B476-85AD3D0082E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C13F139E-E486-4F4B-A99B-B8757BF654F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B57DE1E4-190C-4216-B230-0A728309AD7E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:expressionengine:expressionengine:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "4DEEBD8A-6535-4635-A390-2700E9463022", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "47192DE3-A103-42C4-A28D-8F5CFA6D7A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DA49319-4F1D-42CF-81CC-23F3A8F23A31", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "7C855EE7-B0B4-4360-92ED-D397702339B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AE605A67-F4B2-4FB0-A554-13130B3ECE78", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "9D6CE0D3-9D97-4E87-A6D8-190BCCE1D746", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "35F76D20-E9BD-486C-ADCA-52093B49BFA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C2AEA3D-C81A-4606-BB25-7348F23B5B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "11292AD1-91C9-4407-859A-09CC757A7DF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "D9F1C5FA-9B2B-451F-B11B-22599DE63FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "C0960B36-2713-4B8D-9B92-18D616218A19", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "DB5122EF-8428-46AD-A051-718E907C413C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:expressionengine:expressionengine:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CCE5715-5415-4D79-AAE7-59DA7CD7B899", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "543A6C6E-5FFE-4F2D-A8CE-BD21F8921BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "2B9ADC42-E62E-49D1-944F-C05ED60C96E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C90C24A0-6C65-4D6C-9CA7-AB49AF7A8300", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "DAB75B67-1BC5-42BA-98EF-E3A834C33F26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ExpressionEngine version 2.x \u003c 2.11.8 and version 3.x \u003c 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution." }, { "lang": "es", "value": "ExpressionEngine, en versiones 2.x anteriores a la 2.11.8 y en versiones 3.x anteriores a la 3.5.5, crea un token de firma de objeto con una entrop\u00eda d\u00e9bil. Si se adivina el token correctamente, puede conducir a la ejecuci\u00f3n remota de c\u00f3digo." 
} ], "id": "CVE-2017-0897", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-22T21:29:00.183", "references": [ { "source": "support@hackerone.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99242" }, { "source": "support@hackerone.com", "tags": [ "Vendor Advisory" ], "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5" }, { "source": "support@hackerone.com", "tags": [ "Vendor Advisory" ], "url": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8" }, { "source": "support@hackerone.com", "tags": [ "Vendor Advisory" ], "url": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released" }, { "source": "support@hackerone.com", "tags": [ "Permissions Required" ], "url": "https://hackerone.com/reports/215890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB 
Entry" ], "url": "http://www.securityfocus.com/bid/99242" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://hackerone.com/reports/215890" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-331" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-15 23:15
Modified
2024-11-21 05:57
Severity ?
Summary
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
expressionengine | expressionengine | * | |
expressionengine | expressionengine | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:expressionengine:expressionengine:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A96212E-D52F-41B5-997C-F4B973894748", "versionEndExcluding": "5.4.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:*:*:*:*:*:*:*:*", "matchCriteriaId": "839B032C-0093-4F93-AB5E-269A7EDB2644", "versionEndExcluding": "6.0.3", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory." }, { "lang": "es", "value": "ExpressionEngine versiones anteriores a 5.4.2 y versiones 6.x anteriores a 6.0.3, permite una inyecci\u00f3n de c\u00f3digo PHP por parte de determinados usuarios autenticados que pueden aprovechar a la funci\u00f3n Translate::save() para escribir en un archivo _lang.php en el directorio system/user/language" } ], "id": "CVE-2021-27230", "lastModified": "2024-11-21T05:57:38.697", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-15T23:15:12.703", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://karmainsecurity.com/KIS-2021-03" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Mar/32" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://expressionengine.com/features" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://hackerone.com/reports/1093444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://karmainsecurity.com/KIS-2021-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Mar/32" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://expressionengine.com/features" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://hackerone.com/reports/1093444" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-06-16 15:15
Modified
2025-03-17 14:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
ExpressionEngine before 7.4.11 allows XSS.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
expressionengine | expressionengine | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:expressionengine:expressionengine:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F5F4372-07D0-4FE8-90E9-515697680D1C", "versionEndExcluding": "7.4.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ExpressionEngine before 7.4.11 allows XSS." }, { "lang": "es", "value": "ExpressionEngine anterior a 7.4.11 permite XSS." } ], "id": "CVE-2024-38454", "lastModified": "2025-03-17T14:15:17.887", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-06-16T15:15:51.613", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/7.4.10...7.4.11" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/ExpressionEngine/ExpressionEngine/pull/4279" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/ExpressionEngine/ExpressionEngine/compare/7.4.10...7.4.11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/ExpressionEngine/ExpressionEngine/pull/4279" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2009-03-26 05:51
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
expressionengine | expressionengine | 1.6.4 | |
expressionengine | expressionengine | 1.6.5 | |
expressionengine | expressionengine | 1.6.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:expressionengine:expressionengine:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "7C85E9A1-1302-4AE2-8F78-725438C6EE62", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "11CBFAF3-112B-49C0-98D4-E221C01BB36E", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "65A6DBA5-35E1-4910-873F-E68A308851C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en system/index.php in ExpressionEngine v1.6.4 a la v1.6.6 y posiblemente otras versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"avatar\"." 
} ], "id": "CVE-2009-1070", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-03-26T05:51:52.703", "references": [ { "source": "cve@mitre.org", "url": "http://expressionengine.com/docs/changelog.html#v167" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34379" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/502045/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34193" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://expressionengine.com/docs/changelog.html#v167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/502045/100/0/threaded" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49359" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-12 21:15
Modified
2024-11-21 06:08
Severity ?
Summary
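In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. The record below classifies this as improper input validation (CWE-20) and rates it 9.8 (Critical) under CVSS 3.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), i.e. reachable over the network without authentication; the affected range ends at 6.0.3 (excluded).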
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3 | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3 | Release Notes, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
expressionengine | expressionengine | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:expressionengine:expressionengine:*:*:*:*:*:*:*:*", "matchCriteriaId": "36843CCC-54C2-4982-B698-93D631453E70", "versionEndExcluding": "6.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input-\u003eget(\u0027file\u0027) instead of the fixed file names of icon.png and icon.svg." }, { "lang": "es", "value": "En Expression Engine versiones anteriores a 6.0.3, la funci\u00f3n addonIcon en el archivo Addons/file/mod.file.php es basada en el valor de entrada no confiable de input-)get(\"file\") en lugar de los nombres de archivo fijos de icon.png e icon.svg" } ], "id": "CVE-2021-33199", "lastModified": "2024-11-21T06:08:30.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2021-08-12T21:15:07.500", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-10 00:46
Modified
2025-04-09 00:30
Severity ?
Summary
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
expressionengine | expressionengine | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:expressionengine:expressionengine:*:*:*:*:*:*:*:*", "matchCriteriaId": "74A1574F-1A5D-452B-A4EB-1D5E812DF8EB", "versionEndIncluding": "1.2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF (se refiere a CR (retorno de carro) y LF (salto de l\u00ednea)) en index.php de ExpressionEngine 1.2.1 y anteriores permite a atacantes remotos inyectar cabeceras HTTP y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s del par\u00e1metro URL." } ], "id": "CVE-2008-0202", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-01-10T00:46:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3539" }, { "source": "cve@mitre.org", "url": "http://securityvulns.ru/Sdocument472.html" }, { "source": "cve@mitre.org", "url": "http://websecurity.com.ua/1454/" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/485786/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityvulns.ru/Sdocument472.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://websecurity.com.ua/1454/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27128" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-24 15:15
Modified
2024-11-21 05:01
Severity ?
Summary
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must be able to send and compose messages (at least).
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://expressionengine.com/blog | Vendor Advisory | |
cve@mitre.org | https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://expressionengine.com/blog | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
expressionengine | expressionengine | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:expressionengine:expressionengine:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEC89331-D8D0-4AC1-822A-0CB8E2808E4A", "versionEndExcluding": "5.3.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least)." }, { "lang": "es", "value": "ExpressionEngine versiones anteriores a 5.3.2, permite a atacantes remotos cargar y ejecutar c\u00f3digo arbitrario en un archivo .php%20 por medio de las acciones Componer Msg, Add attachment y Save As Draft. Un usuario con pocos privilegios (miembro) es capaz de cargar esto. Es posible omitir la comprobaci\u00f3n del tipo MIME y la comprobaci\u00f3n de extensi\u00f3n de archivo al cargar nuevos archivos. Los seud\u00f3nimos cortos no se usan para un archivo adjunto; en cambio, se permite el acceso directo a los archivos cargados. Es posible cargar PHP solo si uno tiene acceso de miembro, o registration/forum est\u00e1 habilitado y uno puede crear un miembro con el ID de grupo predeterminado de 5. 
Para explotar esto, uno debe ser capaz de enviar y redactar mensajes (al menos)" } ], "id": "CVE-2020-13443", "lastModified": "2024-11-21T05:01:16.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-24T15:15:11.617", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://expressionengine.com/blog" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://expressionengine.com/blog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-10 00:46
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
expressionengine | expressionengine | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:expressionengine:expressionengine:*:*:*:*:*:*:*:*", "matchCriteriaId": "74A1574F-1A5D-452B-A4EB-1D5E812DF8EB", "versionEndIncluding": "1.2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php de ExpressionEngine 1.2.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el par\u00e1metro URL." } ], "id": "CVE-2008-0201", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-01-10T00:46:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3539" }, { "source": "cve@mitre.org", "url": "http://securityvulns.ru/Sdocument472.html" }, { "source": "cve@mitre.org", "url": "http://websecurity.com.ua/1454/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" }, { "source": 
"cve@mitre.org", "url": "http://www.securityfocus.com/bid/27128" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityvulns.ru/Sdocument472.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://websecurity.com.ua/1454/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39442" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-09 15:15
Modified
2024-11-21 07:45
Severity ?
Summary
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
expressionengine | expressionengine | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:expressionengine:expressionengine:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B03D48F-F3D2-43C7-8453-097B3DC222FC", "versionEndExcluding": "7.2.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user." } ], "id": "CVE-2023-22953", "lastModified": "2024-11-21T07:45:42.890", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-09T15:15:11.300", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://docs.expressionengine.com/latest/installation/changelog.html" }, { "source": "cve@mitre.org", "url": "https://gist.github.com/ahmedsherif/7b8f18a54a80ae0ac5ff6307c35b7d43" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://hackerone.com/reports/1820492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://docs.expressionengine.com/latest/installation/changelog.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gist.github.com/ahmedsherif/7b8f18a54a80ae0ac5ff6307c35b7d43" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://hackerone.com/reports/1820492" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-10-01 23:29
Modified
2024-11-21 03:55
Severity ?
Summary
ExpressionEngine before 4.3.5 has reflected XSS.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5 | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
expressionengine | expressionengine | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:expressionengine:expressionengine:*:*:*:*:*:*:*:*", "matchCriteriaId": "449F9C22-BCC7-4EF6-9E39-18997FD6AC24", "versionEndExcluding": "4.3.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ExpressionEngine before 4.3.5 has reflected XSS." }, { "lang": "es", "value": "ExpressionEngine en versiones anteriores a la 4.3.5 tiene Cross-Site Scripting (XSS) reflejado." } ], "id": "CVE-2018-17874", "lastModified": "2024-11-21T03:55:06.653", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-10-01T23:29:01.173", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-04 15:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ellislab:expressionengine:2..5.4:*:*:*:*:*:*:*", "matchCriteriaId": "F7230878-DCFA-4307-BB1D-BDFF353FD577", "vulnerable": true }, { "criteria": "cpe:2.3:a:ellislab:expressionengine:2.0.0:public_beta:*:*:*:*:*:*", "matchCriteriaId": "C0693E21-244D-4DA3-A12A-C0BDFA966383", "vulnerable": true }, { "criteria": "cpe:2.3:a:ellislab:expressionengine:2.0.1:public_beta:*:*:*:*:*:*", "matchCriteriaId": "3EEAFB5E-8947-40F1-A88E-C66D509E3E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ellislab:expressionengine:2.0.2:public_beta:*:*:*:*:*:*", "matchCriteriaId": "467FE6B7-6CA2-4E57-A9D0-3B6C87F553AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ellislab:expressionengine:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "24227613-4AAE-4002-BCD1-5994AE886A47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ellislab:expressionengine:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "5398A62F-B83F-40C8-B723-388E29CE59CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ellislab:expressionengine:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "80FFA87F-67EF-48CB-A3CE-EEDBC20BA607", "vulnerable": true }, { "criteria": "cpe:2.3:a:ellislab:expressionengine:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "6A223E8C-3AC8-4FFB-931A-F8CA4A9E064E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ellislab:expressionengine:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FFFE418-9E58-4E93-BE8F-62FC65C346E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ellislab:expressionengine:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "95E3FE36-C31A-44D1-893A-E73C562715BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:*:*:*:*:*:*:*:*", "matchCriteriaId": "12F8954B-4058-48E6-82A7-CDA3F4E11DC4", "versionEndIncluding": "2.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B61035E8-E776-455D-A87E-D89C635EF612", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:expressionengine:expressionengine:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B084EE1-049A-45E7-9DAA-78A67A08ED2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7D9D6C6-E1BE-4AED-BD5A-251E62E02355", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "BB81D8E5-F981-4BA7-ABF3-529E7155EED1", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "34003923-392F-4D6E-91FA-7CEF9CF47933", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "446AC2B4-DA7A-4982-B383-DF2B0E2FA95C", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D9C7196D-190B-4180-AACC-141A13D51DD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BFAA28E-F9C1-4246-B218-C51A5493C56B", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E743D80-E5D3-4CB8-9412-99B2A55CD52D", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DC16511-FDA2-4F85-BB37-557165629592", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A730EF01-BB6D-4163-BCF8-7267798857E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "63CA981E-DE29-48B2-8B78-EAF2F6DE6990", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE7BC9ED-18C4-43D1-88DF-9D41ECB20A69", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:expressionengine:expressionengine:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "64EA0BBC-4D35-4E83-9FEA-80834C5823EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "3530A171-A49E-45A3-8DE6-562B657B968C", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C826EC11-0541-415F-ABA7-457D3DF67685", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3BC6E0BC-DA5D-4828-96A2-1029AD0CB853", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "7AA7430A-0A6A-4B30-BD0D-E88E4C2914F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:expressionengine:expressionengine:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFED8674-66D2-404F-9676-71861D85103D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en EllisLab ExpressionEngine anterior a 2.9.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro (1) column_filter o (2) category[] en system/index.php o el par\u00e1metro (3) tbl_sort[0][] en el m\u00f3dulo comment en system/index.php." 
} ], "id": "CVE-2014-5387", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-04T15:55:05.417", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Nov/2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/70875" }, { "source": "cve@mitre.org", "url": "https://ellislab.com/expressionengine/user-guide/about/changelog.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Nov/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/70875" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ellislab.com/expressionengine/user-guide/about/changelog.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Exploit" ], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-18 18:15
Modified
2024-11-21 05:38
Severity ?
Summary
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.
References
▶ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://hackerone.com/reports/968240 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/968240 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
expressionengine | expressionengine | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:expressionengine:expressionengine:*:*:*:*:*:*:*:*", "matchCriteriaId": "69F9D93C-F561-4EBA-9EC6-11869917C877", "versionEndIncluding": "5.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unsanitized user input in ExpressionEngine \u003c= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack." }, { "lang": "es", "value": "Una entrada del usuario no saneada en la creaci\u00f3n de miembros del panel de control de ExpressionEngine versiones anteriores a 5.4.0 incluy\u00e9ndola, conlleva a una inyecci\u00f3n SQL. El usuario necesita la creaci\u00f3n de miembros/acceso al panel de control para ejecutar el ataque" } ], "id": "CVE-2020-8242", "lastModified": "2024-11-21T05:38:34.533", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2022-02-18T18:15:08.723", "references": [ { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://hackerone.com/reports/968240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://hackerone.com/reports/968240" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-11-17 05:29
Modified
2025-04-20 01:37
Severity ?
Summary
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3 | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
expressionengine | expressionengine | 3.4.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:expressionengine:expressionengine:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "35F76D20-E9BD-486C-ADCA-52093B49BFA1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection" }, { "lang": "es", "value": "EllisLab ExpressionEngine 3.4.2 es vulnerable a Cross-Site Scripting, lo que da lugar a una inyecci\u00f3n de c\u00f3digo PHP." } ], "id": "CVE-2017-1000160", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-11-17T05:29:00.313", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Release Notes", "Vendor Advisory" ], "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2008-0202 (GCVE-0-2008-0202)
Vulnerability from cvelistv5
Published
2008-01-10 00:00
Modified
2024-08-07 07:39
CWE
- n/a
Summary
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:39:34.967Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "27128", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27128" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://websecurity.com.ua/1454/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://securityvulns.ru/Sdocument472.html" }, { "name": "20080103 securityvulns.com russian vulnerabilities digest", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" }, { "name": "20080103 securityvulns.com russian vulnerabilities digest", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" }, { "name": "3539", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3539" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "27128", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27128" }, { "tags": [ "x_refsource_MISC" ], "url": "http://websecurity.com.ua/1454/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://securityvulns.ru/Sdocument472.html" }, { "name": "20080103 securityvulns.com russian vulnerabilities digest", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" }, { "name": "20080103 securityvulns.com russian vulnerabilities digest", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" }, { "name": "3539", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3539" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0202", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "27128", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27128" }, { "name": "http://websecurity.com.ua/1454/", "refsource": "MISC", "url": "http://websecurity.com.ua/1454/" }, { "name": "http://securityvulns.ru/Sdocument472.html", "refsource": "MISC", "url": "http://securityvulns.ru/Sdocument472.html" }, { "name": "20080103 securityvulns.com russian vulnerabilities digest", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" }, { "name": "20080103 securityvulns.com russian vulnerabilities digest", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" }, { "name": "3539", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3539" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0202", "datePublished": "2008-01-10T00:00:00", "dateReserved": "2008-01-09T00:00:00", "dateUpdated": "2024-08-07T07:39:34.967Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-27230 (GCVE-0-2021-27230)
Vulnerability from cvelistv5
Published
2021-03-15 22:52
Modified
2024-08-03 20:48
CWE
- n/a
Summary
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:48:15.992Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/1093444" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://expressionengine.com/features" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Mar/32" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://karmainsecurity.com/KIS-2021-03" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-15T23:06:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/1093444" }, { "tags": [ "x_refsource_MISC" ], "url": "https://expressionengine.com/features" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2021/Mar/32" }, { "tags": [ "x_refsource_MISC" ], "url": "http://karmainsecurity.com/KIS-2021-03" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27230", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/1093444", "refsource": "MISC", "url": "https://hackerone.com/reports/1093444" }, { "name": "https://expressionengine.com/features", "refsource": "MISC", "url": "https://expressionengine.com/features" }, { "name": "http://seclists.org/fulldisclosure/2021/Mar/32", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2021/Mar/32" }, { "name": "http://karmainsecurity.com/KIS-2021-03", "refsource": "MISC", "url": "http://karmainsecurity.com/KIS-2021-03" }, { "name": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27230", "datePublished": "2021-03-15T22:52:42", "dateReserved": "2021-02-16T00:00:00", "dateUpdated": "2024-08-03T20:48:15.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22953 (GCVE-0-2023-22953)
Vulnerability from cvelistv5
Published
2023-02-09 00:00
Modified
2024-08-02 10:20
CWE
- n/a
Summary
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:31.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1820492" }, { "tags": [ "x_transferred" ], "url": "https://docs.expressionengine.com/latest/installation/changelog.html" }, { "tags": [ "x_transferred" ], "url": "https://gist.github.com/ahmedsherif/7b8f18a54a80ae0ac5ff6307c35b7d43" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://hackerone.com/reports/1820492" }, { "url": "https://docs.expressionengine.com/latest/installation/changelog.html" }, { "url": "https://gist.github.com/ahmedsherif/7b8f18a54a80ae0ac5ff6307c35b7d43" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-22953", "datePublished": "2023-02-09T00:00:00", "dateReserved": "2023-01-11T00:00:00", "dateUpdated": "2024-08-02T10:20:31.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-44534 (GCVE-0-2021-44534)
Vulnerability from cvelistv5
Published
2024-05-31 17:40
Modified
2024-08-04 04:25
Summary
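Insufficient user input filtering leads to arbitrary file read by a non-authenticated attacker, which results in sensitive information disclosure. (The CISA ADP enrichment in the record below scores this with a CVSS 3.1 vector of PR:L, i.e. low privileges required, which does not match the "non-authenticated" wording here; confirm the required access level and the affected version range against the vendor fix before prioritising.)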
References
Impacted products
Vendor | Product | Version
---|---|---
ExpressionEngine | ExpressionEngine | Version: 6.0.3 ≤
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:expressionengine:expressionengine:6.0.3:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "expressionengine", "vendor": "expressionengine", "versions": [ { "status": "affected", "version": "6.0.3" } ] }, { "cpes": [ "cpe:2.3:a:expressionengine:expressionengine:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "expressionengine", "vendor": "expressionengine", "versions": [ { "status": "unaffected", "version": "6.0.0" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-44534", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-03T15:25:34.277497Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-18T18:15:27.327Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T04:25:16.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1096043" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ExpressionEngine", "vendor": "ExpressionEngine", "versions": [ { "lessThan": "6.0.3", "status": "affected", "version": "6.0.3", "versionType": "semver" }, { 
"lessThan": "6.0.0", "status": "unaffected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure.\r\n" } ], "providerMetadata": { "dateUpdated": "2024-05-31T17:40:31.559Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1096043" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2021-44534", "datePublished": "2024-05-31T17:40:31.559Z", "dateReserved": "2021-12-02T23:52:53.969Z", "dateUpdated": "2024-08-04T04:25:16.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-38454 (GCVE-0-2024-38454)
Vulnerability from cvelistv5
Published
2024-06-16 00:00
Modified
2025-03-17 14:07
CWE
- n/a
Summary
ExpressionEngine before 7.4.11 allows XSS.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-38454", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-24T20:40:29.515058Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-17T14:07:46.691Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:12:24.561Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/ExpressionEngine/ExpressionEngine/pull/4279" }, { "tags": [ "x_transferred" ], "url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/7.4.10...7.4.11" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ExpressionEngine before 7.4.11 allows XSS." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-16T14:24:40.863Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/ExpressionEngine/ExpressionEngine/pull/4279" }, { "url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/7.4.10...7.4.11" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-38454", "datePublished": "2024-06-16T00:00:00.000Z", "dateReserved": "2024-06-16T00:00:00.000Z", "dateUpdated": "2025-03-17T14:07:46.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8242 (GCVE-0-2020-8242)
Vulnerability from cvelistv5
Published
2022-02-18 17:50
Modified
2024-08-04 09:56
CWE
- CWE-89 - SQL Injection
Summary
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | ExpressionEngine | Version: <= 5.4.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:27.642Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/968240" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ExpressionEngine", "vendor": "n/a", "versions": [ { "status": "affected", "version": "\u003c= 5.4.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Unsanitized user input in ExpressionEngine \u003c= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "SQL Injection (CWE-89)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-18T17:50:57", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/968240" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8242", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ExpressionEngine", "version": { "version_data": [ { "version_value": "\u003c= 5.4.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unsanitized user input in ExpressionEngine \u003c= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "SQL Injection (CWE-89)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/968240", "refsource": "MISC", "url": "https://hackerone.com/reports/968240" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8242", "datePublished": "2022-02-18T17:50:57", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:56:27.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-0897 (GCVE-0-2017-0897)
Vulnerability from cvelistv5
Published
2017-06-22 21:00
Modified
2024-08-05 13:25
CWE
- CWE-330 - Use of Insufficiently Random Values
Summary
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.
References
Impacted products
Vendor | Product | Version
---|---|---
EllisLab | ExpressionEngine | Version: Versions before 2.11.8 and 3.5.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:16.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99242", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99242" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/215890" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ExpressionEngine", "vendor": "EllisLab", "versions": [ { "status": "affected", "version": "Versions before 2.11.8 and 3.5.5" } ] } ], "datePublic": "2017-04-10T00:00:00", "descriptions": [ { "lang": "en", "value": "ExpressionEngine version 2.x \u003c 2.11.8 and version 3.x \u003c 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-330", "description": "Use of Insufficiently Random Values (CWE-330)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-26T09:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "name": "99242", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99242" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/215890" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2017-0897", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ExpressionEngine", "version": { "version_data": [ { "version_value": "Versions before 2.11.8 and 3.5.5" } ] } } ] }, "vendor_name": "EllisLab" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ExpressionEngine version 2.x \u003c 2.11.8 and version 3.x \u003c 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Use of Insufficiently Random Values (CWE-330)" } ] } ] }, "references": { "reference_data": [ { "name": "99242", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99242" }, { "name": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8", "refsource": "CONFIRM", "url": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8" }, { "name": "https://hackerone.com/reports/215890", "refsource": "MISC", "url": "https://hackerone.com/reports/215890" }, { "name": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5", "refsource": "CONFIRM", "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5" }, { "name": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released", "refsource": "CONFIRM", "url": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2017-0897", "datePublished": "2017-06-22T21:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-08-05T13:25:16.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-13443 (GCVE-0-2020-13443)
Vulnerability from cvelistv5
Published
2020-06-24 14:34
Modified
2024-08-04 12:18
CWE
- n/a
Summary
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must be able to send and compose messages (at least).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:18:18.303Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://expressionengine.com/blog" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-24T14:34:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://expressionengine.com/blog" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13443", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://expressionengine.com/blog", "refsource": "MISC", "url": "https://expressionengine.com/blog" }, { "name": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09", "refsource": "MISC", "url": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13443", "datePublished": "2020-06-24T14:34:44", "dateReserved": "2020-05-25T00:00:00", "dateUpdated": "2024-08-04T12:18:18.303Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-17874 (GCVE-0-2018-17874)
Vulnerability from cvelistv5
Published
2018-10-01 23:00
Modified
2024-08-05 11:01
CWE
- n/a
Summary
ExpressionEngine before 4.3.5 has reflected XSS.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:01:13.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "ExpressionEngine before 4.3.5 has reflected XSS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-01T23:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17874", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ExpressionEngine before 4.3.5 has reflected XSS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5", "refsource": "CONFIRM", "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-17874", "datePublished": "2018-10-01T23:00:00", "dateReserved": "2018-10-01T00:00:00", "dateUpdated": "2024-08-05T11:01:13.289Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1000160 (GCVE-0-2017-1000160)
Vulnerability from cvelistv5
Published
2017-11-17 05:00
Modified
2024-09-17 01:26
CWE
- n/a
Summary
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:53:07.189Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2017-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-17T05:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-08-22T17:29:33.372590", "ID": "CVE-2017-1000160", "REQUESTER": "hbuchwald@ripstech.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3", "refsource": "MISC", "url": 
"https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000160", "datePublished": "2017-11-17T05:00:00Z", "dateReserved": "2017-11-16T00:00:00Z", "dateUpdated": "2024-09-17T01:26:26.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1070 (GCVE-0-2009-1070)
Vulnerability from cvelistv5
Published
2009-03-24 19:00
Modified
2024-08-07 04:57
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:57:17.806Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/" }, { "name": "20090322 ExpressionEngine Persistent Cross-Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/502045/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://expressionengine.com/docs/changelog.html#v167" }, { "name": "34379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34379" }, { "name": "expressionengine-avatar-xss(49359)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49359" }, { "name": "34193", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34193" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-01-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/" }, { "name": "20090322 ExpressionEngine Persistent Cross-Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/502045/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://expressionengine.com/docs/changelog.html#v167" }, { "name": "34379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34379" }, { "name": "expressionengine-avatar-xss(49359)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49359" }, { "name": "34193", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34193" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1070", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/", "refsource": "MISC", "url": "http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/" }, { "name": "20090322 ExpressionEngine Persistent Cross-Site Scripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/502045/100/0/threaded" }, { "name": "http://expressionengine.com/docs/changelog.html#v167", "refsource": "CONFIRM", "url": "http://expressionengine.com/docs/changelog.html#v167" }, { "name": "34379", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34379" }, { "name": "expressionengine-avatar-xss(49359)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49359" }, { "name": "34193", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34193" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1070", "datePublished": "2009-03-24T19:00:00", "dateReserved": "2009-03-24T00:00:00", "dateUpdated": "2024-08-07T04:57:17.806Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-5387 (GCVE-0-2014-5387)
Vulnerability from cvelistv5
Published
2014-11-04 15:00
Modified
2024-08-06 11:41
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:41:48.749Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ellislab.com/expressionengine/user-guide/about/changelog.html" }, { "name": "70875", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70875" }, { "name": "20141103 CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Nov/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-11-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-29T18:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ellislab.com/expressionengine/user-guide/about/changelog.html" }, { "name": "70875", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70875" }, { "name": "20141103 CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Nov/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5387", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html" }, { "name": "https://ellislab.com/expressionengine/user-guide/about/changelog.html", "refsource": "MISC", "url": "https://ellislab.com/expressionengine/user-guide/about/changelog.html" }, { "name": "70875", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70875" }, { "name": "20141103 CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Nov/2" }, { "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387", "refsource": "MISC", "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5387", "datePublished": "2014-11-04T15:00:00", "dateReserved": "2014-08-22T00:00:00", "dateUpdated": "2024-08-06T11:41:48.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0201 (GCVE-0-2008-0201)
Vulnerability from cvelistv5
Published
2008-01-10 00:00
Modified
2024-08-07 07:39
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:39:34.217Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "27128", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27128" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://websecurity.com.ua/1454/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://securityvulns.ru/Sdocument472.html" }, { "name": "20080103 securityvulns.com russian vulnerabilities digest", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" }, { "name": "20080103 securityvulns.com russian vulnerabilities digest", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" }, { "name": "3539", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3539" }, { "name": "expressionengine-index-xss(39442)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39442" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "27128", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27128" }, { "tags": [ "x_refsource_MISC" ], "url": "http://websecurity.com.ua/1454/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://securityvulns.ru/Sdocument472.html" }, { "name": "20080103 securityvulns.com russian vulnerabilities digest", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" }, { "name": "20080103 securityvulns.com russian vulnerabilities digest", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" }, { "name": "3539", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3539" }, { "name": "expressionengine-index-xss(39442)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39442" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0201", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "27128", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27128" }, { "name": "http://websecurity.com.ua/1454/", "refsource": "MISC", "url": "http://websecurity.com.ua/1454/" }, { "name": "http://securityvulns.ru/Sdocument472.html", "refsource": "MISC", "url": "http://securityvulns.ru/Sdocument472.html" }, { "name": "20080103 securityvulns.com russian vulnerabilities digest", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" }, { "name": "20080103 securityvulns.com russian vulnerabilities digest", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" }, { "name": "3539", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3539" }, { "name": "expressionengine-index-xss(39442)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39442" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0201", "datePublished": "2008-01-10T00:00:00", "dateReserved": "2008-01-09T00:00:00", "dateUpdated": "2024-08-07T07:39:34.217Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-33199 (GCVE-0-2021-33199)
Vulnerability from cvelistv5
Published
2021-08-12 20:46
Modified
2024-08-03 23:42
CWE
- n/a
Summary
In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:42:20.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input-\u003eget(\u0027file\u0027) instead of the fixed file names of icon.png and icon.svg." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-12T20:46:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33199", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Expression Engine before 6.0.3, 
addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input-\u003eget(\u0027file\u0027) instead of the fixed file names of icon.png and icon.svg." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3", "refsource": "MISC", "url": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3" }, { "name": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508", "refsource": "MISC", "url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33199", "datePublished": "2021-08-12T20:46:06", "dateReserved": "2021-05-19T00:00:00", "dateUpdated": "2024-08-03T23:42:20.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }