Vulnerabilities > Gxlcms

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-07	CVE-2018-9848	Code Injection vulnerability in Gxlcms QY 1.0.0713 In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request. network low complexity gxlcms CWE-94	7.5
2018-04-07	CVE-2018-9847	Code Injection vulnerability in Gxlcms QY 1.0.0713 In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. network low complexity gxlcms CWE-94	7.5
2018-04-04	CVE-2018-9247	SQL Injection vulnerability in Gxlcms QY 1.0.0713 The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. network low complexity gxlcms CWE-89	7.5
2017-10-03	CVE-2017-14979	Unspecified vulnerability in Gxlcms Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php. network low complexity gxlcms	5.0

Vulnerabilities > Gxlcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Gxlcms"}]}