Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metalgenix genixcms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2015-3933
Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS prior to 0.0.3-patch allow remote malicious users to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.
Metalgenix Genixcms
1 EDB exploit
6.8
CVSSv2
CVE-2015-2680
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS prior to 0.0.2 allows remote malicious users to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php.
Metalgenix Genixcms
1 EDB exploit
7.5
CVSSv2
CVE-2017-5959
CSRF token bypass in GeniXCMS prior to 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token.
Metalgenix Genixcms
6.5
CVSSv2
CVE-2017-6065
SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS up to and including 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.
Metalgenix Genixcms
4.3
CVSSv2
CVE-2017-5516
Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS up to and including 0.0.8 allow remote malicious users to inject arbitrary web script or HTML via crafted parameters.
Metalgenix Genixcms
3.5
CVSSv2
CVE-2017-5515
Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS up to and including 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names.
Metalgenix Genixcms
7.5
CVSSv2
CVE-2017-5517
SQL injection vulnerability in author.control.php in GeniXCMS up to and including 0.0.8 allows remote malicious users to execute arbitrary SQL commands via the type parameter.
Metalgenix Genixcms
4.3
CVSSv2
CVE-2017-5518
The media-file upload feature in GeniXCMS up to and including 0.0.8 allows remote malicious users to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.
Metalgenix Genixcms
7.5
CVSSv2
CVE-2017-5519
SQL injection vulnerability in Posts.class.php in GeniXCMS up to and including 0.0.8 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Metalgenix Genixcms
6.5
CVSSv2
CVE-2017-5520
The media rename feature in GeniXCMS up to and including 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.
Metalgenix Genixcms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »