Vulnerabilities > Genixcms > Genixcms > 0.0.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-10 | CVE-2017-14231 | Improper Input Validation vulnerability in Genixcms GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php. | 5.0 |
2017-01-12 | CVE-2017-5346 | SQL Injection vulnerability in Genixcms 0.0.8 SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php. | 6.5 |
2017-01-01 | CVE-2016-10096 | SQL Injection vulnerability in Genixcms SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter. | 7.5 |