Vulnerabilities > Genixcms > Genixcms > 0.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-10 | CVE-2017-14231 | Improper Input Validation vulnerability in Genixcms GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php. | 5.0 |
2017-01-01 | CVE-2016-10096 | SQL Injection vulnerability in Genixcms SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter. | 7.5 |
2015-03-23 | CVE-2015-2679 | SQL Injection vulnerability in Genixcms 0.0.1 Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. | 7.5 |
2015-03-23 | CVE-2015-2678 | Cross-site Scripting vulnerability in Genixcms 0.0.1 Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php. | 4.3 |