VYPR
Vendor

Gxlcms

Products
2
CVEs
15
Across products
15
Status
Private

Products

2

Recent CVEs

15
  • CVE-2020-20975CriAug 12, 2021
    risk 0.64cvss 9.8epss 0.01

    In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.

  • CVE-2018-18488CriOct 18, 2018
    risk 0.64cvss 9.8epss 0.01

    In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter.

  • CVE-2018-14685CriJul 28, 2018
    risk 0.64cvss 9.8epss 0.02

    The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php.

  • CVE-2018-9852CriApr 8, 2018
    risk 0.64cvss 9.8epss 0.01

    In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23.

  • CVE-2018-9848CriApr 7, 2018
    risk 0.64cvss 9.8epss 0.02

    In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to…

  • CVE-2018-9847CriApr 7, 2018
    risk 0.64cvss 9.8epss 0.02

    In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.

  • CVE-2018-9247CriApr 4, 2018
    risk 0.64cvss 9.8epss 0.02

    The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then…

  • CVE-2018-15177HigAug 8, 2018
    risk 0.57cvss 8.8epss 0.01

    In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account.

  • CVE-2018-18487HigOct 18, 2018
    risk 0.49cvss 7.5epss 0.01

    In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations.

  • CVE-2018-9851HigApr 8, 2018
    risk 0.49cvss 7.5epss 0.02

    In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence.

  • CVE-2018-9850HigApr 8, 2018
    risk 0.49cvss 7.5epss 0.02

    In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.

  • CVE-2017-14979HigOct 3, 2017
    risk 0.49cvss 7.5epss 0.01

    Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.

  • CVE-2018-16436HigSep 5, 2018
    risk 0.47cvss 7.2epss 0.01

    Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator.

  • CVE-2018-16655MedSep 7, 2018
    risk 0.40cvss 6.1epss 0.01

    Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.

  • CVE-2018-16437MedSep 5, 2018
    risk 0.32cvss 4.9epss 0.02

    Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator.