{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.1.4"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "75d3006ddf2e60beefdd8ef4398a7e430d9113d3"
            }
          ],
          "repo": "https://github.com/semplon/genixcms",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module.",
  "id": "CVE-2017-14764",
  "modified": "2026-03-13T21:52:22.656487733Z",
  "published": "2017-09-27T08:29:00.483Z",
  "references": [
    {
      "type": "EVIDENCE",
      "url": "http://ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}