Vulnerabilities > Metalgenix > Genixcms > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-08 | CVE-2015-3933 | SQL Injection vulnerability in Metalgenix Genixcms 0.0.1/0.0.2/0.0.3: Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. | 7.5 |
2017-02-21 | CVE-2017-5959 | Cross-Site Request Forgery (CSRF) vulnerability in Metalgenix Genixcms: CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. | 7.5 |
2017-01-23 | CVE-2017-5575 | SQL Injection vulnerability in Metalgenix Genixcms: SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. | 7.5 |
2017-01-23 | CVE-2017-5574 | SQL Injection vulnerability in Metalgenix Genixcms: SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. | 7.5 |
2017-01-17 | CVE-2017-5519 | SQL Injection vulnerability in Metalgenix Genixcms: SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2017-01-17 | CVE-2017-5517 | SQL Injection vulnerability in Metalgenix Genixcms: SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. | 7.5 |