Vulnerabilities > Gxlcms > Gxlcms QY > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-08 CVE-2018-9851 Path Traversal vulnerability in Gxlcms QY 1.0.0713
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence.
network
low complexity
gxlcms CWE-22
7.5
7.5
2018-04-08 CVE-2018-9850 Path Traversal vulnerability in Gxlcms QY 1.0.0713
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.
network
low complexity
gxlcms CWE-22
7.5
7.5