GeniXCMS /inc/lib/backend/menus.control.php file cross-site scripting vulnerability

MetalGenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A cross-site scripting vulnerability exists in the /inc/lib/backend/menus.control.php file in MetalGenix...

SQL Injection

genix/cms is vulnerable to SQL injection attacks. The attacks exist because it does not filter the user-supplied parameter order given to the updateMenuOrder function in inc/lib/Control/Backend/menus.control.php which uses it as an SQL query...