Genixcms Security Vulnerabilities and Issues — Genixcms CVE List

Lucene search

MetalgenixGenixcms

6 matches found

CVE•added 2017/11/08 4:29 p.m.•56 views

CVE-2015-3933

Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.

9.8CVSS10AI score0.02429EPSS

CVE•added 2017/01/17 9:59 a.m.•37 views

CVE-2017-5517

SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.

9.8CVSS9.9AI score0.01058EPSS

CVE•added 2017/01/23 7:59 a.m.•37 views

CVE-2017-5575

SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter.

9.8CVSS10AI score0.01956EPSS

CVE•added 2017/01/23 7:59 a.m.•34 views

CVE-2017-5574

SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter.

9.8CVSS10AI score0.03377EPSS

CVE•added 2017/02/21 7:59 a.m.•33 views

CVE-2017-5959

CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token.

9.8CVSS9.5AI score0.00122EPSS

CVE•added 2017/01/17 9:59 a.m.•32 views

CVE-2017-5519

SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.

9.8CVSS9.9AI score0.01058EPSS