VYPR
High severity7.5NVD Advisory· Published Oct 18, 2018· Updated Jun 17, 2026

CVE-2018-18487

CVE-2018-18487

Description

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations.

Affected products

2
  • Gxlcms/Gxlcmsinferred2 versions
    = 2.0+ 1 more
    • (no CPE)range: = 2.0
    • (no CPE)range: = 2.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.