Lucene search

[email protected]NVD:CVE-2015-2679

HistoryMar 23, 2015 - 4:59 p.m.

CVE-2015-2679

2015-03-2316:59:07

CWE-89

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.

Affected configurations

NVD

Node

genixcmsgenixcmsRange≤0.0.1

References

blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17

blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16

osvdb.org/show/osvdb/119392

osvdb.org/show/osvdb/119393

packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html

www.exploit-db.com/exploits/36321

www.securityfocus.com/bid/73297

www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php

github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815

github.com/semplon/GeniXCMS/issues/7

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Related for NVD:CVE-2015-2679

prion1 cvelist1 cve1 zeroscience1