Vulnerabilities (CVE)

Filtered by vendor Genixcms Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-14763	1 Genixcms	1 Genixcms	2019-10-03	6.5 MEDIUM	8.8 HIGH
In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.
CVE-2017-5346	1 Genixcms	1 Genixcms	2019-03-15	6.5 MEDIUM	7.2 HIGH
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.
CVE-2017-14764	1 Genixcms	1 Genixcms	2017-09-29	6.5 MEDIUM	8.8 HIGH
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module.
CVE-2017-8377	1 Genixcms	1 Genixcms	2017-05-10	6.5 MEDIUM	8.8 HIGH
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter.
CVE-2016-10096	1 Genixcms	1 Genixcms	2017-04-11	7.5 HIGH	7.3 HIGH
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.