VYPR
Critical severity9.8NVD Advisory· Published Apr 7, 2018· Updated Jun 17, 2026

CVE-2018-9847

CVE-2018-9847

Description

In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.

Affected products

2
  • Gxlcms/Qyinferred2 versions
    = 1.0.0713+ 1 more
    • (no CPE)range: = 1.0.0713
    • (no CPE)range: = 1.0.0713

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.