Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2015-2679
Last Modified 24 Mar 2015 10:05:21
Published 23 Mar 2015 12:59:07
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2679

Summary

Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.

Vulnerable Systems

Application

  • Genixcms 0.0.1


References

CONFIRM - https://github.com/semplon/GeniXCMS/issues/7

CONFIRM - https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815

MISC - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php

EXPLOIT-DB - 36321

MISC - http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html

OSVDB - 119393

OSVDB - 119392

CONFIRM - http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16

CONFIRM - http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17


Last Updated: 27 May 2016 11:08:10