Описание
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-2679
- https://github.com/semplon/GeniXCMS/issues/7
- https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815
- http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17
- http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16
- http://osvdb.org/show/osvdb/119392
- http://osvdb.org/show/osvdb/119393
- http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html
- http://www.exploit-db.com/exploits/36321
- http://www.securityfocus.com/bid/73297
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php
Связанные уязвимости
nvd
почти 11 лет назад
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.