Vulnerability Details CVE-2015-2679
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.105
EPSS Ranking 92.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17
- http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16
- http://osvdb.org/show/osvdb/119392
- http://osvdb.org/show/osvdb/119393
- http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html
- http://www.exploit-db.com/exploits/36321
- http://www.securityfocus.com/bid/73297
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php
- https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815
- https://github.com/semplon/GeniXCMS/issues/7
- http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17
- http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16
- http://osvdb.org/show/osvdb/119392
- http://osvdb.org/show/osvdb/119393
- http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html
- http://www.exploit-db.com/exploits/36321
- http://www.securityfocus.com/bid/73297
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php
- https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815
- https://github.com/semplon/GeniXCMS/issues/7