CVE-2018-9850

2018-04-08T02:29:00
ID CVE-2018-9850
Type cve
Reporter cve@mitre.org
Modified 2018-05-14T13:56:00

Description

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.