EPSS Percentile: 42.5%
genix/cms is vulnerable to SQL injection. The vulnerability exists because the application does not filter the user-supplied "order" parameter passed to the updateMenuOrder function in inc/lib/Control/Backend/menus.control.php, which uses it in an SQL query.
www.securityfocus.com/bid/96305
github.com/semplon/GeniXCMS/issues/71