Vulnerabilities > CVE-2017-14979 - Unspecified vulnerability in Gxlcms
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |