Lucene search
K
GenixcmsGenixcms

18 matches found

CVE
CVE
added 2015/03/23 4:0 p.m.66 views

CVE-2015-2679

CVE-2015-2679 affects MetalGenix GeniXCMS up to version 0.0.2. The issue is due to unsanitized inputs: the page parameter in index.php and the username parameter in gxadmin/login.php are used directly in SQL queries, enabling remote SQL injection. Exploits/public PoCs exist (e.g., Exploit-DB 3632...

7.5CVSS8.8AI score0.05575EPSS
Web
CVE
CVE
added 2017/09/27 8:0 a.m.65 views

CVE-2017-14765

CVE-2017-14765 corresponds to a cross-site scripting (XSS) issue in GeniXCMS 1.1.4. The vulnerability is reported as XSS via the Menu ID field in gxadmin/index.php when handling a page=menus request, indicating unsanitized input in that field. The connected advisories reference GeniXCMS 1.1.4/1.1...

6.1CVSS5.7AI score0.00683EPSS
Web
CVE
CVE
added 2017/09/10 7:0 a.m.62 views

CVE-2017-14231

GeniXCMS before 1.1.0 is vulnerable to denial of service (account blockage) caused by mishandling of certain username substring relationships (e.g., admin[removed] vs admin) in registration logic. The issue affects register.php, User.class.php, and Type.class.php, and can be triggered remotely to...

5.3CVSS5.2AI score0.01421EPSS
CVE
CVE
added 2017/09/27 8:0 a.m.60 views

CVE-2017-14761

Technical details about CVE-2017-14761 are not publicly available in the provided connected documents. Monitor for updates.

6.1CVSS5.8AI score0.00683EPSS
Web
CVE
CVE
added 2017/09/27 8:0 a.m.57 views

CVE-2017-14762

In GeniXCMS 1.1.4, an XSS vulnerability exists in /inc/lib/Control/Backend/menus.control.php exploitable via the id parameter. The issue allows reflected/script-injected content in the affected page, as described by CVE-2017-14762. The provided documents do not specify the exact impact scope, exp...

6.1CVSS5.8AI score0.00683EPSS
Web
CVE
CVE
added 2017/09/27 8:0 a.m.56 views

CVE-2017-14763

GeniXCMS 1.1.4 is affected by CVE-2017-14763: remote authenticated users can trigger arbitrary PHP code execution through a .php file in a Theme ZIP during the Install Themes process. The issue arises from how theme archives are handled, enabling code execution from uploaded theme files. This is ...

8.8CVSS8.7AI score0.01422EPSS
CVE
CVE
added 2017/01/01 7:0 p.m.54 views

CVE-2016-10096

GeniXCMS before 1.0.0 contains a SQL injection in register.php that can be triggered by the activation parameter to allow remote execution of arbitrary SQL. The issue is exposed in multiple references (e.g., CVE-2016-10096 and accompanying advisories) and is reported across NVD, CNVD, OSV, GHSA, ...

7.5CVSS7.8AI score0.0107EPSS
CVE
CVE
added 2017/09/27 8:0 a.m.54 views

CVE-2017-14764

CVE-2017-14764 affects GeniXCMS 1.1.4. The vulnerability allows remote authenticated users to execute arbitrary PHP code by placing a .php file inside a ZIP archive of a module uploaded via the Upload Modules page. The underlying issue is improper handling of module ZIP contents during extraction...

8.8CVSS8.7AI score0.01537EPSS
CVE
CVE
added 2017/12/05 9:0 p.m.54 views

CVE-2017-17431

GeniXCMS 1.1.5 is vulnerable to cross-site scripting (XSS) via multiple input parameters (from, id, lang, menuid, mod, q, status, term, to, or token). The CVE note indicates potential overlap with CVE-2017-14761/62/65. Connected advisories corroborate XSS in GeniXCMS 1.1.4/1.1.5 (e.g., via id par...

6.1CVSS5.8AI score0.00683EPSS
CVE
CVE
added 2015/03/23 4:0 p.m.52 views

CVE-2015-2678

MetalGenix GeniXCMS before 0.0.2 is affected by multiple cross-site scripting (XSS) flaws. The vulnerability stems from unsanitized input in the cat parameter on gxadmin/index.php (for the categories page) and the page parameter on index.php, enabling remote attackers to inject arbitrary script/H...

4.3CVSS5.9AI score0.05358EPSS
Web
CVE
CVE
added 2017/05/08 6:10 a.m.52 views

CVE-2017-8827

CVE-2017-8827 affects GeniXCMS 1.0.2: the forgotpassword.php endpoint lacks rate limiting, enabling a remote attacker to cause login denial of service or potentially perform arbitrary user password reset attacks via repeated requests. The available connected documents corroborate the same descrip...

9.1CVSS9.1AI score0.01618EPSS
CVE
CVE
added 2018/04/26 2:0 p.m.51 views

CVE-2017-14740

GeniXCMS 1.1.0 is affected by an XSS vulnerability that allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu. The issue is documented across multiple sources (e.g., CVE-2017-14740 and related advisories) and is not described with a published ...

4.8CVSS4.6AI score0.00653EPSS
CVE
CVE
added 2017/05/01 4:0 p.m.47 views

CVE-2017-8376

GeniXCMS 1.0.2 is reported to have an authenticated XSS vulnerability triggered by mishandling of a comment during a mouse operation by an administrator. The flaw affects the CMS when processing a comment in an authenticated context; no remediation or fix version is provided in the connected docu...

5.4CVSS5.1AI score0.0064EPSS
CVE
CVE
added 2017/01/12 6:6 a.m.44 views

CVE-2017-5346

Summary: CVE-2017-5346 affects GeniXCMS 0.0.8. The vulnerability is in the file inc/lib/Control/Backend/posts.control.php and is exploitable via the id parameter to gxadmin/index.php. It allows remote authenticated administrators to execute arbitrary SQL commands, indicating a SQL injection flaw ...

7.2CVSS7.2AI score0.01648EPSS
Web
CVE
CVE
added 2017/05/01 4:0 p.m.44 views

CVE-2017-8377

CVE-2017-8377 affects GeniXCMS 1.0.2. The vulnerability is a SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter, enabling an attacker to manipulate SQL queries. Several connected sources corroborate that GeniXCMS 1.0.2 contains a SQL injection in the backend menus...

8.8CVSS9.1AI score0.0148EPSS
Web
CVE
CVE
added 2017/05/01 4:0 p.m.43 views

CVE-2017-8388

GeniXCMS 1.0.2 is affected by a protection bypass vulnerability that allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection via a register.php?act=edit&id=1 request. The issue is consistently described across multiple sources (NVD entry, GHSA/OSV entries, and related ad...

5.3CVSS5.2AI score0.01589EPSS
CVE
CVE
added 2017/05/03 10:0 p.m.40 views

CVE-2017-8762

CVE-2017-8762 affects GeniXCMS 1.0.2. The vulnerability is an XSS condition triggered when an authenticated user submits a page, demonstrated by a crafted oncut attribute in a B element. The Connected documents corroborate this across multiple sources (Red Hat, GHSA, OSV, CVE lists) with the same...

5.4CVSS5.1AI score0.00496EPSS
CVE
CVE
added 2017/05/04 2:0 p.m.38 views

CVE-2017-8780

GeniXCMS 1.0.2 is affected by a cross-site scripting (XSS) vulnerability triggered by a comment mishandled during an administrator publish operation, demonstrated by a malformed P element. Root cause and impact are described across multiple sources (NVD/NVD, Red Hat, GHSA, OSV, CNVD, CNVD). The d...

4.8CVSS4.9AI score0.00598EPSS