ExpressionEngine: Security Vulnerabilities, CVEs (SQL injection)
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.
Max CVSS: 7.2
EPSS Score: 0.09%
Published: 2022-02-18
Updated: 2022-02-28
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.
Max CVSS: 6.5
EPSS Score: 0.45%
Published: 2014-11-04
Updated: 2020-07-06
2 vulnerabilities found