Vulnerabilities > Metalgenix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-17 | CVE-2017-5518 | Server-Side Request Forgery (SSRF) vulnerability in Metalgenix Genixcms The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. | 7.4 |
| 2017-01-17 | CVE-2017-5517 | SQL Injection vulnerability in Metalgenix Genixcms SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. | 9.8 |
| 2017-01-17 | CVE-2017-5516 | Cross-site Scripting vulnerability in Metalgenix Genixcms Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. | 6.1 |
| 2017-01-17 | CVE-2017-5515 | Cross-site Scripting vulnerability in Metalgenix Genixcms Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. | 5.4 |
| 2017-01-12 | CVE-2017-5347 | SQL Injection vulnerability in Metalgenix Genixcms 0.0.8 SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php. | 7.2 |
| 2017-01-12 | CVE-2017-5345 | SQL Injection vulnerability in Metalgenix Genixcms 0.0.8 SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI. | 8.8 |