Vulnerabilities > Genixcms > Genixcms > 0.0.8

DATE CVE VULNERABILITY TITLE RISK
2017-09-10 CVE-2017-14231 Improper Input Validation vulnerability in Genixcms
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php.
network
low complexity
genixcms CWE-20
5.0
5.0
2017-01-12 CVE-2017-5346 SQL Injection vulnerability in Genixcms 0.0.8
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.
network
low complexity
genixcms CWE-89
6.5
6.5
2017-01-01 CVE-2016-10096 SQL Injection vulnerability in Genixcms
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
network
low complexity
genixcms CWE-89
7.5
7.5