Vulnerabilities (CVE)

Filtered by vendor Gxlcms
Filtered by product Gxlcms Qy
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2018-9851 | 1 Gxlcms | 1 Gxlcms Qy | 2018-05-17 | 5.0 MEDIUM | 7.5 HIGH
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence.
CVE-2018-9850 | 1 Gxlcms | 1 Gxlcms Qy | 2018-05-14 | 6.4 MEDIUM | 7.5 HIGH
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.