PatchSiren cyber security CVE debrief
CVE-2017-5519 Metalgenix CVE debrief
CVE-2017-5519 is a critical SQL injection vulnerability affecting GeniXCMS through version 0.0.8. The issue is in Posts.class.php and can be triggered remotely through the id parameter, allowing an attacker to execute arbitrary SQL commands. NVD rates the flaw as CVSS 3.0 9.8 with no privileges or user interaction required.
- Vendor: Metalgenix
- Product: CVE-2017-5519
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-17
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-17
- Advisory updated: 2026-05-13
Who should care
Administrators and developers running GeniXCMS installations through 0.0.8 should treat this as urgent, especially if the application is internet-facing or handles sensitive data. Security teams responsible for web application scanning, patch validation, and database exposure should prioritize it as well.
Technical summary
NVD classifies the weakness as CWE-89 (SQL Injection) and assigns CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The affected product entry covers GeniXCMS versions up to and including 0.0.8. The public references point to a SecurityFocus advisory and a GitHub issue marked with exploit, issue tracking, and patch-related tags, indicating the vulnerability was publicly tracked and remediated in the project workflow.
Defensive priority
Urgent: this is a remotely reachable, unauthenticated database injection with full confidentiality, integrity, and availability impact.
Recommended defensive actions
- Confirm whether any deployed GeniXCMS instance is at version 0.0.8 or earlier.
- Upgrade to a fixed GeniXCMS release if one is available from the project maintainers.
- Review application logs and database logs for unusual queries involving the id parameter.
- Restrict external access to affected instances until remediation is complete.
- Validate that any patch or workaround is actually present in production, not just in source or staging.
- Rotate credentials and assess database impact if exploitation is suspected.
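The log review step above can be scripted. The following is an added example, not code from PatchSiren or the GeniXCMS project: it scans web access-log lines in combined log format (assumed) and flags any request whose id query parameter is not a plain decimal integer, on the assumption that GeniXCMS uses id as a numeric post identifier. The log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not real traffic); combined log format is assumed.
SAMPLE_LOG = """\
203.0.113.10 - - [17/Jan/2017:10:00:01 +0000] "GET /index.php?page=post&id=42 HTTP/1.1" 200 5120
203.0.113.11 - - [17/Jan/2017:10:00:07 +0000] "GET /index.php?page=post&id=42%27 HTTP/1.1" 500 311
203.0.113.12 - - [17/Jan/2017:10:00:09 +0000] "GET /index.php?page=post&id=7 HTTP/1.1" 200 4200
203.0.113.13 - - [17/Jan/2017:10:00:15 +0000] "GET /index.php?page=post&id=1%20OR%201%3D1 HTTP/1.1" 200 9981
"""

# Combined/common log format: client IP, identd, user, timestamp, request line, status, size.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A numeric post identifier: one or more digits, nothing else (assumption about GeniXCMS).
INTEGER_ID_RE = re.compile(r"\d{1,10}")


def suspicious_id_requests(log_text, expected=INTEGER_ID_RE, param="id"):
    """Return one finding per request whose `param` value does not match `expected`.

    parse_qsl percent-decodes values once and treats '+' as a space, so both raw and
    single-encoded anomalies are caught; double-encoded values remain undecoded and are
    still flagged because they are not pure digits.
    """
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        query = urlsplit(m.group("target")).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key != param:
                continue
            if expected.fullmatch(value):
                continue  # well-formed integer id, nothing to report
            findings.append({"ip": m.group("ip"), "status": m.group("status"), "id": value})
    return findings


if __name__ == "__main__":
    for f in suspicious_id_requests(SAMPLE_LOG):
        print(f"{f['ip']} status={f['status']} id={f['id']!r}")
```

Findings are a triage list, not proof of exploitation; a blank or non-numeric id is enough to warrant pulling the matching database logs for that time window.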
Evidence notes
This debrief is based on the supplied NVD record and official references only. The NVD entry reports affected CPE criteria for cpe:2.3:a:metalgenix:genixcms with versionEndIncluding 0.0.8, CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, and weakness CWE-89. References include a SecurityFocus BID entry and a GitHub issue on semplon/GeniXCMS tagged as exploit, issue tracking, and patch. The provided vendor field says Metalgenix, while the vulnerability description and CPE criteria identify GeniXCMS; this debrief follows the product information in the vulnerability record.
Official resources
- CVE-2017-5519 CVE record (CVE.org)
- CVE-2017-5519 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: SecurityFocus BID entry - Third Party Advisory, VDB Entry
- Mitigation or vendor reference: GitHub issue on semplon/GeniXCMS - Exploit, Issue Tracking, Patch, Third Party Advisory
Publicly disclosed and published by NVD on 2017-01-17. The supplied record was later modified by NVD on 2026-05-13; that later date reflects record maintenance, not initial disclosure.