Vulnerabilities > CVE-2017-14979 - Unspecified vulnerability in Gxlcms

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

gxlcms

NVD

Published: 2017-10-03

Updated: 2019-10-03

Summary

Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.

Vulnerable Configurations

Part	Description	Count
Application	Gxlcms Gxlcms Gxlcms -	1

References

https://github.com/Blck4/blck4/blob/master/Gxlcms%20POC.php