Genixcms@* Security Vulnerabilities and Issues — Genixcms@* CVE List

Lucene search

MetalgenixGenixcms*

12 matches found

CVE•added 2017/11/08 4:29 p.m.•56 views

CVE-2015-3933

Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.

9.8CVSS10AI score0.02429EPSS

CVE•added 2017/01/17 9:59 a.m.•41 views

CVE-2017-5515

Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names.

5.4CVSS5AI score0.00141EPSS

CVE•added 2017/01/17 9:59 a.m.•39 views

CVE-2017-5520

The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the .php6, .php7 and .phtml extensions.

8.8CVSS8.7AI score0.00525EPSS

CVE•added 2017/01/17 9:59 a.m.•37 views

CVE-2017-5517

SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.

9.8CVSS9.9AI score0.01058EPSS

CVE•added 2017/01/23 7:59 a.m.•37 views

CVE-2017-5575

SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter.

9.8CVSS10AI score0.01956EPSS

CVE•added 2017/01/17 9:59 a.m.•36 views

CVE-2017-5518

The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.

7.4CVSS7.3AI score0.00403EPSS

CVE•added 2015/03/23 4:59 p.m.•35 views

CVE-2015-2680

Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php.

6.8CVSS8.7AI score0.01789EPSS

CVE•added 2017/01/23 7:59 a.m.•34 views

CVE-2017-5574

SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter.

9.8CVSS10AI score0.03377EPSS

CVE•added 2017/02/17 8:59 p.m.•34 views

CVE-2017-6065

SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.

8.8CVSS8.8AI score0.00344EPSS

CVE•added 2017/02/21 7:59 a.m.•33 views

CVE-2017-5959

CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token.

9.8CVSS9.5AI score0.00122EPSS

CVE•added 2017/01/17 9:59 a.m.•32 views

CVE-2017-5519

SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.

9.8CVSS9.9AI score0.01058EPSS

CVE•added 2017/01/17 9:59 a.m.•30 views

CVE-2017-5516

Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters.

6.1CVSS6AI score0.00216EPSS