EPSS
Percentile
61.4%
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.
www.atksec.com/cve/GxlcmsQY-v1.0.0713-filedelete/index.html