Vendor: Gecko CMS
By: Gjoko 'LiquidWorm' Krstic
CVSS: 7.5 (HIGH)
Cross-Site Request Forgery, Stored and Reflected Cross-Site Scripting and SQL Injection
CWE: 352, 79, 89
Product Name: Gecko CMS
Affected Version From: 2.2
Affected Version To: 2.3
Patch Exists: YES
Related CWE: N/A
CPE: a:jakweb:gecko_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Apache/2, PHP/5.4.36
2015
Gecko CMS 2.3 Multiple Vulnerabilities
Gecko CMS suffers from multiple vulnerabilities including Cross-Site Request Forgery, Stored and Reflected Cross-Site Scripting and SQL Injection.
Mitigation:
Implement input validation and authentication and authorization controls, and use secure coding practices.