Vulnerabilities > Gxlcms > Gxlcms > 2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-18 | CVE-2018-18488 | SQL Injection vulnerability in Gxlcms 2.0 In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. | 7.5 |
| 2018-10-18 | CVE-2018-18487 | Information Exposure vulnerability in Gxlcms 2.0 In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations. | 5.0 |
| 2018-09-05 | CVE-2018-16437 | Path Traversal vulnerability in Gxlcms 2.0 Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator. | 4.0 |
| 2018-09-05 | CVE-2018-16436 | SQL Injection vulnerability in Gxlcms 2.0 Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator. | 6.5 |
| 2018-08-08 | CVE-2018-15177 | Cross-Site Request Forgery (CSRF) vulnerability in Gxlcms 2.0 In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. | 6.8 |