Known Vulnerabilities for products from Metalgenix

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Metalgenix".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2022-24563	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	5.4 - MEDIUM	2022-03-03	2022-03-09
CVE-2020-10057	GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incom...	8.8 - HIGH	2020-03-04	2020-03-05
CVE-2018-14476	GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation.	6.1 - MEDIUM	2019-12-31	2020-03-17
CVE-2017-6065	SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticate...	8.8 - HIGH	2017-02-17	2017-02-23
CVE-2017-5959	CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used ...	9.8 - CRITICAL	2017-02-21	2019-10-03
CVE-2017-5575	SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrar...	9.8 - CRITICAL	2017-01-23	2017-01-26
CVE-2017-5574	SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL co...	9.8 - CRITICAL	2017-01-23	2017-01-26
CVE-2017-5520	The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded f...	8.8 - HIGH	2017-01-17	2019-10-03
CVE-2017-5519	SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL com...	9.8 - CRITICAL	2017-01-17	2017-01-27
CVE-2017-5518	The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonst...	7.4 - HIGH	2017-01-17	2017-01-27
CVE-2017-5517	SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL ...	9.8 - CRITICAL	2017-01-17	2017-01-27
CVE-2017-5516	Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inj...	6.1 - MEDIUM	2017-01-17	2017-01-23
CVE-2017-5515	Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated us...	5.4 - MEDIUM	2017-01-17	2017-01-23
CVE-2017-5347	SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to...	7.2 - HIGH	2017-01-12	2017-01-27
CVE-2017-5345	SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated edito...	8.8 - HIGH	2017-01-12	2017-01-27
CVE-2015-5066	Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitra...	4.3 - MEDIUM	2015-06-24	2018-10-09
CVE-2015-3933	Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attac...	9.8 - CRITICAL	2017-11-08	2017-11-28
CVE-2015-2680	Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the aut...	6.8 - MEDIUM	2015-03-23	2016-12-03

Known software with vulnerabilities from Metalgenix

Type	Vendor	Product	Version
Application	Metalgenix	Genixcms	0.0.1