CVE-2015-3933: MetalGenix GeniXCMS vulnerable to SQL Injection

May 17, 2022 (updated April 23, 2025)

Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.

References

github.com/GeniXCMS/GeniXCMS
github.com/advisories/GHSA-q4hw-62mx-q37w
github.com/semplon/GeniXCMS/releases/tag/v0.0.3-patch
nvd.nist.gov/vuln/detail/CVE-2015-3933
www.exploit-db.com/exploits/37363

Code Behaviors & Features

Detect and mitigate CVE-2015-3933 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →