CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22953
https://notcve.org/view.php?id=CVE-2023-22953
09 Feb 2023 — In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. • https://docs.expressionengine.com/latest/installation/changelog.html •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8242
https://notcve.org/view.php?id=CVE-2020-8242
18 Feb 2022 — Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack. Una entrada del usuario no saneada en la creación de miembros del panel de control de ExpressionEngine versiones anteriores a 5.4.0 incluyéndola, conlleva a una inyección SQL. El usuario necesita la creación de miembros/acceso al panel de control para ejecutar el ataque • https://hackerone.com/reports/968240 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33199
https://notcve.org/view.php?id=CVE-2021-33199
12 Aug 2021 — In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. En Expression Engine versiones anteriores a 6.0.3, la función addonIcon en el archivo Addons/file/mod.file.php es basada en el valor de entrada no confiable de input-)get("file") en lugar de los nombres de archivo fijos de icon.png e icon.svg • https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 4%CPEs: 2EXPL: 3CVE-2021-27230 – ExpressionEngine 6.0.2 PHP Code Injection
https://notcve.org/view.php?id=CVE-2021-27230
15 Mar 2021 — ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory. ExpressionEngine versiones anteriores a 5.4.2 y versiones 6.x anteriores a 6.0.3, permite una inyección de código PHP por parte de determinados usuarios autenticados que pueden aprovechar a la función Translate::save() para escribir en un archivo _lang.php en el directorio system/user/language Ex... • https://packetstorm.news/files/id/161805 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13443
https://notcve.org/view.php?id=CVE-2020-13443
24 Jun 2020 — ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum i... • https://expressionengine.com/blog • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17874
https://notcve.org/view.php?id=CVE-2018-17874
01 Oct 2018 — ExpressionEngine before 4.3.5 has reflected XSS. ExpressionEngine en versiones anteriores a la 4.3.5 tiene Cross-Site Scripting (XSS) reflejado. • https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 77EXPL: 0CVE-2017-0897
https://notcve.org/view.php?id=CVE-2017-0897
22 Jun 2017 — ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution. ExpressionEngine, en versiones 2.x anteriores a la 2.11.8 y en versiones 3.x anteriores a la 3.5.5, crea un token de firma de objeto con una entropía débil. Si se adivina el token correctamente, puede conducir a la ejecución remota de código. • http://www.securityfocus.com/bid/99242 • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy •