CVE-2017-14231: Improper Input Validation

September 10, 2017 (updated September 19, 2017)

GeniXCMS allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php.

References

nvd.nist.gov/vuln/detail/CVE-2017-14231

Detect and mitigate CVE-2017-14231 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →