Lucene search

[email protected]CVE-2015-2679

HistoryMar 23, 2015 - 4:59 p.m.

CVE-2015-2679

2015-03-2316:59:07

CWE-89

[email protected]

web.nvd.nist.gov

cve

2015

2679

sql injection

metalgenix

genixcms

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.

Affected configurations

NVD

Node

genixcmsgenixcmsRange≤0.0.1

CPENameOperatorVersion
genixcms:genixcmsgenixcmsle0.0.1

CPE	Name	Operator	Version
genixcms:genixcms	genixcms	le	0.0.1

References

blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17

blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16

osvdb.org/show/osvdb/119392

osvdb.org/show/osvdb/119393

packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html

www.exploit-db.com/exploits/36321

www.securityfocus.com/bid/73297

www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php

github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815

github.com/semplon/GeniXCMS/issues/7

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Related for CVE-2015-2679

prion1 nvd1 cvelist1 zeroscience1