Vulnerabilities > Gxlcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-18 CVE-2018-18487 Information Exposure vulnerability in Gxlcms 2.0
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations.
network
low complexity
gxlcms CWE-200
5.0
2018-09-07 CVE-2018-16655 Cross-site Scripting vulnerability in Gxlcms 1.0
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.
network
gxlcms CWE-79
4.3
2018-09-05 CVE-2018-16437 Path Traversal vulnerability in Gxlcms 2.0
Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator.
network
low complexity
gxlcms CWE-22
4.0
2018-09-05 CVE-2018-16436 SQL Injection vulnerability in Gxlcms 2.0
Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator.
network
low complexity
gxlcms CWE-89
6.5
2018-08-08 CVE-2018-15177 Cross-Site Request Forgery (CSRF) vulnerability in Gxlcms 2.0
In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account.
network
gxlcms CWE-352
6.8
2018-07-28 CVE-2018-14685 Information Exposure vulnerability in Gxlcms 1.1.4
The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php.
network
low complexity
gxlcms CWE-200
5.0
2018-04-08 CVE-2018-9852 Information Exposure vulnerability in Gxlcms QY 1.0.0713
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23.
network
low complexity
gxlcms CWE-200
5.0
2018-04-08 CVE-2018-9851 Path Traversal vulnerability in Gxlcms QY 1.0.0713
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence.
network
low complexity
gxlcms CWE-22
5.0
2018-04-08 CVE-2018-9850 Path Traversal vulnerability in Gxlcms QY 1.0.0713
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.
network
low complexity
gxlcms CWE-22
6.4
2017-10-03 CVE-2017-14979 Unspecified vulnerability in Gxlcms
Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.
network
low complexity
gxlcms
5.0