2 matches found
CVE-2017-6065
SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter...
CVE-2017-6065
GeniXCMS contains a SQL injection in inc/lib/Control/Backend/menus.control.php (affecting 1.0.2 and earlier). The vulnerability arises because the order parameter is used directly in an SQL query without proper validation/sanitization, enabling remote authenticated users to execute arbitrary SQL ...