Every CVE whose affected-product data names Metalgenix Genixcms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2017-5574 — CVSS 9.8 (critical): SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the…
CVE-2015-3933 — CVSS 9.8 (critical): Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to…
CVE-2017-5959 — CVSS 9.8 (critical): CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a…
CVE-2017-5517 — CVSS 9.8 (critical): SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via…
CVE-2017-5519 — CVSS 9.8 (critical): SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the…
CVE-2017-5575 — CVSS 9.8 (critical): SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands…
CVE-2017-5520 — CVSS 8.8 (high): The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP…
CVE-2020-10057 — CVSS 8.8 (high): GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for…
CVE-2017-5345 — CVSS 8.8 (high): SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute…
CVE-2017-6065 — CVSS 8.8 (high): SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to…
CVE-2017-5518 — CVSS 7.4 (high): The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL…
CVE-2017-5347 — CVSS 7.2 (high): SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute…
CVE-2015-2680 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of…
CVE-2017-5516 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary…
CVE-2017-5515 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject…
CVE-2022-24563 — CVSS 5.4 (medium): In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the…
CVE-2015-5066 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script…