Puguh Wijayanto

4 exploits, active since Mar 2015
CVE-2015-2678 WRITEUP
GeniXCMS < 0.0.1 - Cross-Site Scripting via cat or page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php.
CVE-2015-2679 WRITEUP
GeniXCMS < 0.0.1 - SQL Injection via Page or Username Parameter
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
CVE-2015-2680 WRITEUP
GeniXCMS < 0.0.2 - Cross-Site Request Forgery via Administrator Account Addition
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php.
CVE-2017-5345 WRITEUP HIGH
GeniXCMS 0.0.8 - Authenticated SQL Injection via term Parameter
SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI.
CVSS 8.8