Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metalgenix genixcms vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2017-5520
The media rename feature in GeniXCMS up to and including 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.
Metalgenix Genixcms
685
VMScore
CVE-2015-2680
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS prior to 0.0.2 allows remote malicious users to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php.
Metalgenix Genixcms
1 EDB exploit
383
VMScore
CVE-2018-14476
GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation.
Metalgenix Genixcms 1.1.5
435
VMScore
CVE-2015-5066
Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page...
Metalgenix Genixcms 0.0.3
1 EDB exploit
578
VMScore
CVE-2017-5347
SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php.
Metalgenix Genixcms 0.0.8
605
VMScore
CVE-2020-10057
GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated...
Metalgenix Genixcms 1.1.7
578
VMScore
CVE-2017-5345
SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI.
Metalgenix Genixcms 0.0.8
312
VMScore
CVE-2022-24563
In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters.
Metalgenix Genixcms 1.1.11
755
VMScore
CVE-2015-2679
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS prior to 0.0.2 allow remote malicious users to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
Genixcms Genixcms
1 EDB exploit
435
VMScore
CVE-2015-2678
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS prior to 0.0.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php.
Genixcms Genixcms
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2