metalgenix

Top products

The 15 most recently published vulnerabilities affecting metalgenix.

• CVE-2022-24563In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters.5.4Mar 3, 2022
• CVE-2020-10057GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protecti...8.8Mar 4, 2020
• CVE-2018-14476GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation.6.1Dec 31, 2019
• CVE-2015-3933Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2...9.8Nov 8, 2017
• CVE-2017-5959CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token.9.8Feb 21, 2017
• CVE-2017-6065SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.8.8Feb 17, 2017
• CVE-2017-5575SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter.9.8Jan 23, 2017
• CVE-2017-5574SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter.9.8Jan 23, 2017
• CVE-2017-5519SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.9.8Jan 17, 2017
• CVE-2017-5518The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.7.4Jan 17, 2017
• CVE-2017-5515Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names.5.4Jan 17, 2017
• CVE-2017-5520The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files w...8.8Jan 17, 2017
• CVE-2017-5516Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters.6.1Jan 17, 2017
• CVE-2017-5517SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.9.8Jan 17, 2017
• CVE-2017-5345SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the defau...8.8Jan 12, 2017