Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
PHP
SQLi
Genixcms
NVD
Exploit-DB
GitHub
CVSS 2.0
7.5
EPSS
8.3%