Genixcms@* Security Vulnerabilities and Issues — Genixcms@* CVE List

Lucene search

GenixcmsGenixcms*

4 matches found

CVE•added 2015/03/23 4:59 p.m.•57 views

CVE-2015-2679

Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.

7.5CVSS8.8AI score0.09108EPSS

CVE•added 2017/09/10 7:29 a.m.•51 views

CVE-2017-14231

GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin[removed] username versus the admin username, related to register.php, User.class.php, and Type.class.php.

5.3CVSS5.2AI score0.00608EPSS

CVE•added 2015/03/23 4:59 p.m.•43 views

CVE-2015-2678

Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php.

4.3CVSS5.9AI score0.12214EPSS

CVE•added 2017/01/01 7:59 p.m.•35 views

CVE-2016-10096

SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.

7.5CVSS7.8AI score0.00496EPSS