AI Score
Confidence
High
EPSS
Percentile
86.9%
In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.
www.atksec.com/cve/GxlcmsQY-v1.0.0713-update-template-getshell/index.html