CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-18487

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://sunu11.com/2018/10/18/glxcms/
http://sunu11.com/2018/10/18/glxcms/

Products affected by CVE-2018-18487

Gxlcms » Gxlcms » Version: 2.0

cpe:2.3:a:gxlcms:gxlcms:2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18487

Products

Pricing

Contact Us