CVE-2015-2679

2015-03-2316:00:00

mitre

www.cve.org

8.5 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.

References

blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17

blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16

osvdb.org/show/osvdb/119392

osvdb.org/show/osvdb/119393

packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html

www.exploit-db.com/exploits/36321

www.securityfocus.com/bid/73297

www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php

github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815

github.com/semplon/GeniXCMS/issues/7