Vulnerability Details CVE-2017-5345
SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://www.securityfocus.com/bid/95660
- https://github.com/semplon/GeniXCMS/commit/6e21c01d87672d81080450e6913e0093a02bfab8
- https://github.com/semplon/GeniXCMS/issues/60
- http://www.securityfocus.com/bid/95660
- https://github.com/semplon/GeniXCMS/commit/6e21c01d87672d81080450e6913e0093a02bfab8
- https://github.com/semplon/GeniXCMS/issues/60
Products affected by CVE-2017-5345
-
cpe:2.3:a:metalgenix:genixcms:0.0.8