Filtered by vendor Metalgenix
Subscribe
Search
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5959 | 1 Metalgenix | 1 Genixcms | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token. | |||||
| CVE-2015-3933 | 1 Metalgenix | 1 Genixcms | 2017-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. | |||||
| CVE-2017-5517 | 1 Metalgenix | 1 Genixcms | 2017-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. | |||||
| CVE-2017-5519 | 1 Metalgenix | 1 Genixcms | 2017-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2017-5575 | 1 Metalgenix | 1 Genixcms | 2017-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. | |||||
| CVE-2017-5574 | 1 Metalgenix | 1 Genixcms | 2017-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. | |||||