Latest News

Security Vulnerability - All Exponent Versions - October 2016

October 29, 2016 Tags: release, bugs, security

There are several security vulnerabilities in all versions of Exponent 2.x found in September and October, 2016, reported by a number of individuals including:Manuel Garcia Cardenas, the PKAV TEAM, fyth, felixk3y, DM_, obfusor, xiaoL, ylgaaaaa, Tomato, wooeast, and xiojunjie, These vulnerabilities could allow possible SQL injections, remote file exploits, RCE, XSS, changes to configurations, and other issues. They have been present in all versions of Exponent (2.x). The fix is: (read more)

Patch #1 Released for V2.3.9

September 13, 2016 Tags: patch, release, bugs

This patch fixes several issues in the v2.3.9 release. It also provides several tweaks and new features including a 'fill screen' feature for the elFinder file manager, though the main focus is providing several security fixes.  Patch #1 to v2.3.9 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.9-patch-1.zip/download (read more)

Version 2.3.9 Released

September 1, 2016 Tags: release, bugs

This version, code-named 'Sultry Summer' fixes many issues in the previous version(s) and adds several new features. There is a new dynamic drag-n-drop form designer for Twitter Bootstrap 3 based themes which greatly speeds up form design. It also provides much better support for small devices when using a Twitter Bootstrap 3 based theme. Other major include: (read more)

Security Vulnerability - All Exponent Versions - August 2016

August 28, 2016 Tags: patch, security

There is a security vulnerability in Exponent 2.x found on August 26, 2016 reported by Balisong which could allow uploaded scripts to be executed.  It has been present in all versions of Exponent (2.x). The fix is: (read more)