CVE-2018-9850

2018-04-07T22:29:00
ID CVE-2018-9850
Type cve
Reporter NVD
Modified 2018-05-14T09:56:17

Description

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.