Metalgenix: >> Genixcms >> 1.0.1 Security Vulnerabilities
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token.
CVSS Score
9.8
EPSS Score
0.001
Published
2017-02-21
SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-02-17