Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2018-9851
HistoryApr 08, 2018 - 2:00 a.m.

CVE-2018-9851

2018-04-0802:00:00
mitre
www.cve.org
3
gxlcms qy v1.0.0713
file reading
remote attackers
pathname manipulation

AI Score

7.5

Confidence

High

EPSS

0.021

Percentile

89.4%

JSON

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of ‘|’ instead of ‘/’ as a directory separator, in conjunction with a “…” sequence.

Related

nvd 1
cve 1
prion 1
nvd
nvd
CVE-2018-9851
2018-04-08 02:29:00
cve
cve
CVE-2018-9851
2018-04-08 02:29:00
prion
prion
Design/Logic Flaw
2018-04-08 02:29:00

AI Score

7.5

Confidence

High

EPSS

0.021

Percentile

89.4%

JSON
Related for CVELIST:CVE-2018-9851
nvd1cve1prion1