Genixcms: >> Genixcms >> 0.0.1 Security Vulnerabilities
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php.
CVSS Score
5.3
EPSS Score
0.006
Published
2017-09-10
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
CVSS Score
7.3
EPSS Score
0.005
Published
2017-01-01
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
CVSS Score
7.5
EPSS Score
0.091
Published
2015-03-23
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php.
CVSS Score
4.3
EPSS Score
0.122
Published
2015-03-23