Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
genixcms vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-8388
GeniXCMS 1.0.2 allows remote malicious users to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request.
Genixcms Genixcms 1.0.2
4.3
CVSSv2
CVE-2017-17431
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765.
Genixcms Genixcms 1.1.5
6.5
CVSSv2
CVE-2017-5346
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.
Genixcms Genixcms 0.0.8
6.5
CVSSv2
CVE-2017-14763
In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.
Genixcms Genixcms 1.1.4
4.3
CVSSv2
CVE-2017-14765
In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request.
Genixcms Genixcms 1.1.4
3.5
CVSSv2
CVE-2017-8762
GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.
Genixcms Genixcms 1.0.2
3.5
CVSSv2
CVE-2017-8780
GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element.
Genixcms Genixcms 1.0.2
6.4
CVSSv2
CVE-2017-8827
forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote malicious users to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.
Genixcms Genixcms 1.0.2
6.8
CVSSv2
CVE-2015-2680
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS prior to 0.0.2 allows remote malicious users to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php.
Metalgenix Genixcms
1 EDB exploit
7.5
CVSSv2
CVE-2015-3933
Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS prior to 0.0.3-patch allow remote malicious users to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.
Metalgenix Genixcms
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »