Metalgenix: >> Genixcms >> 0.0.3 Security Vulnerabilities
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-01-17
Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.
CVSS Score
4.3
EPSS Score
0.073
Published
2015-06-24
Page 2