GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| genix/cms (Packagist) | 0 | 1.1.0 | N/A |
CVSS Metrics