Gxlcms: Security Vulnerabilities
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-08-12
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-10-18
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-18
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-07
Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator.
CVSS Score
7.2
EPSS Score
0.003
Published
2018-09-05
Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator.
CVSS Score
4.9
EPSS Score
0.008
Published
2018-09-05
In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-08-08
The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-07-28
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-04-08
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-04-08
Page 1