GeniXCMS SQL injection vulnerability

2022-05-1401:20:03

CWE-89

GitHub Advisory Database

github.com

8.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.1%

JSON

SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.

CPENameOperatorVersion
genix/cmslt1.0.0

CPE	Name	Operator	Version
	genix/cms	lt	1.0.0

References

code610.blogspot.com/2017/01/genixcms-sql-injection-quick-autopsy.html

www.securityfocus.com/bid/95655

github.com/advisories/GHSA-2ppw-6xvg-rwgw

github.com/semplon/GeniXCMS/commit/abfbb6103bfa860275f89d1215ed9c3cba94791e

github.com/semplon/GeniXCMS/issues/61

nvd.nist.gov/vuln/detail/CVE-2017-5346