Vulnerabilities > Gxlcms > Gxlcms

DATE CVE VULNERABILITY TITLE RISK
2018-10-18 CVE-2018-18488 SQL Injection vulnerability in Gxlcms 2.0
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter.
network
low complexity
gxlcms CWE-89
7.5
7.5
2018-10-18 CVE-2018-18487 Information Exposure vulnerability in Gxlcms 2.0
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations.
network
low complexity
gxlcms CWE-200
5.0
5.0
2018-09-07 CVE-2018-16655 Cross-site Scripting vulnerability in Gxlcms 1.0
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.
network
gxlcms CWE-79
4.3
4.3
2018-09-05 CVE-2018-16437 Path Traversal vulnerability in Gxlcms 2.0
Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator.
network
low complexity
gxlcms CWE-22
4.0
4.0
2018-09-05 CVE-2018-16436 SQL Injection vulnerability in Gxlcms 2.0
Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator.
network
low complexity
gxlcms CWE-89
6.5
6.5
2018-08-08 CVE-2018-15177 Cross-Site Request Forgery (CSRF) vulnerability in Gxlcms 2.0
In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account.
network
gxlcms CWE-352
6.8
6.8
2018-07-28 CVE-2018-14685 Information Exposure vulnerability in Gxlcms 1.1.4
The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php.
network
low complexity
gxlcms CWE-200
5.0
5.0
2017-10-03 CVE-2017-14979 Unspecified vulnerability in Gxlcms
Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.
network
low complexity
gxlcms
5.0
5.0