Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
genixcms genixcms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-8377
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter.
Genixcms Genixcms 1.0.2
5.4
CVSSv3
CVE-2017-8762
GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.
Genixcms Genixcms 1.0.2
9.1
CVSSv3
CVE-2017-8827
forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote malicious users to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.
Genixcms Genixcms 1.0.2
8.8
CVSSv3
CVE-2017-14763
In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.
Genixcms Genixcms 1.1.4
8.8
CVSSv3
CVE-2017-14764
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module.
Genixcms Genixcms 1.1.4
6.1
CVSSv3
CVE-2017-17431
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765.
Genixcms Genixcms 1.1.5
4.8
CVSSv3
CVE-2017-8780
GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element.
Genixcms Genixcms 1.0.2
5.3
CVSSv3
CVE-2017-8388
GeniXCMS 1.0.2 allows remote malicious users to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request.
Genixcms Genixcms 1.0.2
9.8
CVSSv3
CVE-2017-5517
SQL injection vulnerability in author.control.php in GeniXCMS up to and including 0.0.8 allows remote malicious users to execute arbitrary SQL commands via the type parameter.
Metalgenix Genixcms
8.8
CVSSv3
CVE-2017-6065
SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS up to and including 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.
Metalgenix Genixcms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »