Genixcms: >> Genixcms >> 0.0.8 Security Vulnerabilities
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php.
CVSS Score
5.3
EPSS Score
0.006
Published
2017-09-10
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.
CVSS Score
7.2
EPSS Score
0.011
Published
2017-01-12
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
CVSS Score
7.3
EPSS Score
0.005
Published
2017-01-01