MidnightBSD

Advisories for expressionengine

CVE-2014-5387 MEDIUM

Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
expressionengine expressionengine 2.2.2
ellislab expressionengine 2.0.1
expressionengine expressionengine 2.6.0
expressionengine expressionengine 2.7.0
ellislab expressionengine 2.7.2
ellislab expressionengine 2.5.5
expressionengine expressionengine 2.5.3
expressionengine expressionengine 2.2.0
expressionengine expressionengine 2.2.1
expressionengine expressionengine 2.3.0
expressionengine expressionengine 2.5.2
expressionengine expressionengine 2.1.5
ellislab expressionengine 2.0.0
expressionengine expressionengine 2.1.0
expressionengine expressionengine 2.7.3
expressionengine expressionengine 2.4.0
ellislab expressionengine 2.8.1
expressionengine expressionengine 2.1.4
expressionengine expressionengine 2.5.0
ellislab expressionengine 2.0.2
ellislab expressionengine 2.3.1
ellislab expressionengine 2.6.1
expressionengine expressionengine 2.8.0
ellislab expressionengine 2.7.1
expressionengine expressionengine 2.1.1
expressionengine expressionengine 2.5.1
expressionengine expressionengine *
ellislab expressionengine 2..5.4
expressionengine expressionengine 2.1.2
expressionengine expressionengine 2.1.3
CVE-2017-0897 MEDIUM

ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,CWE-331,

Products Affected

Vendor Product Version
expressionengine expressionengine 3.2.1
expressionengine expressionengine 3.0.5
expressionengine expressionengine 2.6.0
expressionengine expressionengine 2.11.3
expressionengine expressionengine 3.0.6
expressionengine expressionengine 3.5.4
expressionengine expressionengine 3.3.4
expressionengine expressionengine 2.11.0
expressionengine expressionengine 2.5.3
expressionengine expressionengine 2.2.0
expressionengine expressionengine 2.5.4
expressionengine expressionengine 2.10.2
expressionengine expressionengine 3.4.7
expressionengine expressionengine 3.4.3
expressionengine expressionengine 2.2.1
expressionengine expressionengine 2.7.2
expressionengine expressionengine 2.11.4
expressionengine expressionengine 3.4.6
expressionengine expressionengine 2.3.0
expressionengine expressionengine 3.4.1
expressionengine expressionengine 3.4.5
expressionengine expressionengine 2.1.0
expressionengine expressionengine 2.7.3
expressionengine expressionengine 2.4.0
expressionengine expressionengine 2.6.1
expressionengine expressionengine 2.10.3
expressionengine expressionengine 2.9.3
expressionengine expressionengine 2.1.4
expressionengine expressionengine 3.1.2
expressionengine expressionengine 3.3.3
expressionengine expressionengine 3.1.1
expressionengine expressionengine 3.5.0
expressionengine expressionengine 3.3.2
expressionengine expressionengine 2.11.6
expressionengine expressionengine 2.5.1
expressionengine expressionengine 3.1.0
expressionengine expressionengine 2.1.2
expressionengine expressionengine 2.2.2
expressionengine expressionengine 3.3.1
expressionengine expressionengine 3.5.1
expressionengine expressionengine 2.7.0
expressionengine expressionengine 2.9.2
expressionengine expressionengine 3.2.0
expressionengine expressionengine 2.11.1
expressionengine expressionengine 3.4.0
expressionengine expressionengine 3.1.4
expressionengine expressionengine 2.7.1
expressionengine expressionengine 2.8.1
expressionengine expressionengine 3.4.4
expressionengine expressionengine 2.5.2
expressionengine expressionengine 3.3.0
expressionengine expressionengine 2.1.5
expressionengine expressionengine 2.0.1
expressionengine expressionengine 2.0.2
expressionengine expressionengine 2.9.0
expressionengine expressionengine 2.0.0
expressionengine expressionengine 2.11.5
expressionengine expressionengine 3.5.2
expressionengine expressionengine 3.5.3
expressionengine expressionengine 3.0.3
expressionengine expressionengine 3.0.4
expressionengine expressionengine 2.3.1
expressionengine expressionengine 2.10.0
expressionengine expressionengine 3.0.0
expressionengine expressionengine 3.1.3
expressionengine expressionengine 2.5.0
expressionengine expressionengine 3.0.2
expressionengine expressionengine 2.5.5
expressionengine expressionengine 2.11.7
expressionengine expressionengine 2.9.1
expressionengine expressionengine 2.8.0
expressionengine expressionengine 2.1.1
expressionengine expressionengine 2.11.2
expressionengine expressionengine 3.4.2
expressionengine expressionengine 2.10.1
expressionengine expressionengine 2.1.3
expressionengine expressionengine 3.0.1
CVE-2017-1000160 LOW

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
expressionengine expressionengine 3.4.2
CVE-2018-17874 MEDIUM

ExpressionEngine before 4.3.5 has reflected XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
expressionengine expressionengine *
CVE-2020-13443 MEDIUM

ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
expressionengine expressionengine *
CVE-2020-8242 MEDIUM

Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
expressionengine expressionengine *
CVE-2021-27230 MEDIUM

ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
expressionengine expressionengine *
CVE-2021-33199 HIGH

In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
expressionengine expressionengine *
CVE-2023-22953

In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
expressionengine expressionengine *
CVE-2024-38454

ExpressionEngine before 7.4.11 allows XSS.

Products Affected

Vendor Product Version
expressionengine expressionengine *