Vulnerabilities > Gxlcms

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-12	CVE-2020-20975	SQL Injection vulnerability in Gxlcms 1.1 In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter. network low complexity gxlcms CWE-89 critical	9.8
2018-10-18	CVE-2018-18488	SQL Injection vulnerability in Gxlcms 2.0 In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. network low complexity gxlcms CWE-89 critical	9.8
2018-10-18	CVE-2018-18487	Information Exposure vulnerability in Gxlcms 2.0 In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations. network low complexity gxlcms CWE-200	7.5
2018-09-07	CVE-2018-16655	Cross-site Scripting vulnerability in Gxlcms 1.0 Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. network low complexity gxlcms CWE-79	6.1
2018-09-05	CVE-2018-16437	Path Traversal vulnerability in Gxlcms 2.0 Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator. network low complexity gxlcms CWE-22	4.9
2018-09-05	CVE-2018-16436	SQL Injection vulnerability in Gxlcms 2.0 Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator. network low complexity gxlcms CWE-89	7.2
2018-08-08	CVE-2018-15177	Cross-Site Request Forgery (CSRF) vulnerability in Gxlcms 2.0 In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. network low complexity gxlcms CWE-352	8.8
2018-07-28	CVE-2018-14685	Information Exposure vulnerability in Gxlcms 1.1.4 The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php. network low complexity gxlcms CWE-200 critical	9.8
2018-04-08	CVE-2018-9852	Information Exposure vulnerability in Gxlcms QY 1.0.0713 In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23. network low complexity gxlcms CWE-200 critical	9.8
2018-04-08	CVE-2018-9851	Path Traversal vulnerability in Gxlcms QY 1.0.0713 In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '\|' instead of '/' as a directory separator, in conjunction with a ".." sequence. network low complexity gxlcms CWE-22	7.5

Vulnerabilities > Gxlcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Gxlcms"}]}

Vulnerabilities > Gxlcms