概要
Legacy PHP CMS installations often survive as marketing microsites, inherited blogs, and old customer portals. CVE-2017-5517 affects GeniXCMS through 0.0.8 when the author route's `type` parameter reaches SQL construction unsafely.
仕組み
This active check confirms whether user-controlled input or workflow behavior crosses a security boundary. Public docs keep the explanation high-level so customers understand the risk. For check-specific questions about exact detection heuristics, active payload details, or source-code rule patterns, contact support@fixvibe.app.
被害範囲
A reachable affected route can expose database confidentiality, integrity, and availability depending on database privileges and surrounding controls. FixVibe reports this as a likely issue because it verifies SQL error behavior, but it does not extract records or prove full database compromise.
// what fixvibe checks
What FixVibe checks
FixVibe checks this class with verified-domain active testing that is bounded, non-destructive, and evidence-driven. Public reports describe the affected surface and remediation. For check-specific questions about exact detection heuristics, active payload details, or source-code rule patterns, contact support@fixvibe.app.
鉄壁の防御
Upgrade GeniXCMS beyond 0.0.8 or apply the upstream author.control.php patch. During rollout, restrict public access to affected author routes and ensure the `type` filter is allowlisted and passed through parameterized database APIs.