Vulnerabilities > Genixcms > Genixcms > 0.0.1

DATE CVE VULNERABILITY TITLE RISK
2017-09-10 CVE-2017-14231 Improper Input Validation vulnerability in Genixcms
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php.
network
low complexity
genixcms CWE-20
5.0
5.0
2017-01-01 CVE-2016-10096 SQL Injection vulnerability in Genixcms
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
network
low complexity
genixcms CWE-89
7.5
7.5
2015-03-23 CVE-2015-2679 SQL Injection vulnerability in Genixcms 0.0.1
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
network
low complexity
genixcms CWE-89
7.5
7.5
2015-03-23 CVE-2015-2678 Cross-site Scripting vulnerability in Genixcms 0.0.1
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php.
network
genixcms CWE-79
4.3
4.3