CVE-2017-5345 - CVE Vulnerability

SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI. (CVSS:6.5) (Last Update:2017-01-12)

Vulnerability Details : SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI. Publish Date : 2017-01-12 Last Update Date : 2017-01-12 - CVSS Scores & Vulnerability Types CVSS Score 6.5 Confidentiality Impact Partial(There is considerable informational disclosure.) Integrity Impact Partial(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.) Availability Impact Partial(There is reduced performance or interruptions in resource availability.) Access Complexity Low(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) Authentication Single system(The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).) Gained Access None Vulnerability Type(s) Execute CodeSql Injection CWE ID 89 - Products Affected By CVE-2017-5345 # Product Type Vendor Product Version Update Edition Language 1 Application Metalgenix Genixcms 0.0.8 Version Details Vulnerabilities - Number Of Affected Versions By Product Vendor Product Vulnerable Versions Metalgenix Genixcms 1 - References For CVE-2017-5345 https://github.com/semplon/GeniXCMS/commit/6e21c01d87672d81080450e6913e0093a02bfab8 https://github.com/semplon/GeniXCMS/issues/60

- Metasploit Modules Related To CVE-2017-5345 There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)