In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-08-12