Improper Control of Generation of Code ('Code Injection') Affecting genix/cms package, versions >=0.0.0


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.3% (71st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-GENIXCMS-6674126
  • published 26 Apr 2024
  • disclosed 13 May 2022
  • credit Unknown

How to fix?

There is no fixed version for genix/cms.

Overview

genix/cms is a Simple and Free Opensource CMS and Framework.

Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') via the Install Themes page, allowing remote authenticated users to execute arbitrary code by uploading a ZIP archive containing a .php file.

References