cbcvebase.

Genix Cms vulnerabilities

12 known vulnerabilities affecting genix/cms.

Total CVEs
12
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2015-3933P2CRITICALPoC≥ 0, ≤ 0.0.32022-05-17
CVE-2015-3933 [CRITICAL] CWE-89 MetalGenix GeniXCMS vulnerable to SQL Injection MetalGenix GeniXCMS vulnerable to SQL Injection Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.
ghsaosv
CVE-2017-8377P3HIGH≥ 0, < 1.1.02022-05-17
CVE-2017-8377 [HIGH] CWE-89 GeniXCMS SQL Injection GeniXCMS SQL Injection GeniXCMS 1.0.2 has SQL Injection in `inc/lib/Control/Backend/menus.control.php` via the menuid parameter.
ghsaosv
CVE-2017-5346P3HIGH≥ 0, < 1.0.02022-05-14
CVE-2017-5346 [HIGH] CWE-89 GeniXCMS SQL injection vulnerability GeniXCMS SQL injection vulnerability SQL injection vulnerability in `inc/lib/Control/Backend/posts.control.php` in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.
ghsaosv
CVE-2016-10096P3HIGH≥ 0, < 1.0.02022-05-17
CVE-2016-10096 [HIGH] CWE-89 GeniXCMS SQL injection vulnerability GeniXCMS SQL injection vulnerability SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
ghsaosv
CVE-2017-8827P3CRITICAL≥ 0, < 1.1.22022-05-17
CVE-2017-8827 [CRITICAL] CWE-287 GeniXCMS Arbitrary User Password Reset Vulnerability GeniXCMS Arbitrary User Password Reset Vulnerability forgotpassword.php in GeniXCMS lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.
ghsaosv
CVE-2017-8388P4MEDIUM≥ 0, < 1.1.02022-05-13
CVE-2017-8388 [MEDIUM] GeniXCMS Mailbox validation logic vulnerability GeniXCMS Mailbox validation logic vulnerability GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request.
ghsaosv
CVE-2017-17431P4MEDIUMCVSS 6.1≥ 0, ≤ 1.1.52022-05-17
CVE-2017-17431 [MEDIUM] CWE-79 GeniXCMS XSS Vulnerability GeniXCMS XSS Vulnerability GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765.
ghsaosv
CVE-2017-14231P4MEDIUM≥ 0, < 1.1.02022-05-17
CVE-2017-14231 [MEDIUM] CWE-20 GeniXCMS denial of service (account blockage) GeniXCMS denial of service (account blockage) GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin username versus the admin username, related to register.php, User.class.php, and Type.class.php.
ghsaosv
CVE-2022-24563P4MEDIUM≥ 0, ≤ 1.1.112022-03-04
CVE-2022-24563 [MEDIUM] CWE-79 Cross-site Scripting in GeniXCMS Cross-site Scripting in GeniXCMS In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters.
ghsaosv
CVE-2017-8376P4MEDIUM≥ 0, < 1.1.02022-05-17
CVE-2017-8376 [MEDIUM] CWE-79 GeniXCMS Cross-site Scripting (XSS) GeniXCMS Cross-site Scripting (XSS) GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator.
ghsaosv
CVE-2017-8762P4MEDIUM≥ 0, < 1.1.12022-05-17
CVE-2017-8762 [MEDIUM] CWE-79 GeniXCMS Cross-site Scripting (XSS) GeniXCMS Cross-site Scripting (XSS) GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.
ghsaosv
CVE-2017-8780P4MEDIUM≥ 0, < 1.1.02022-05-17
CVE-2017-8780 [MEDIUM] CWE-79 GeniXCMS Cross-site Scripting GeniXCMS Cross-site Scripting GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element.
ghsaosv
Genix Cms vulnerabilities | cvebase