Lucene search
K

33 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:14 p.m.10 views

CVE-2018-9850

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...

7.5CVSS7AI score0.01892EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:12 p.m.5 views

CVE-2018-9851

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...

7.5CVSS7AI score0.01848EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-21444

Malware in sbrugna...

7.5CVSS7.6AI score0.01892EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-21441

Malware in sbrugna...

9.8CVSS9.5AI score0.01577EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-21446

Malware in sbrugna...

9.8CVSS9.2AI score0.01391EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-21442

Malware in sbrugna...

9.8CVSS9.5AI score0.02236EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-21445

Malware in sbrugna...

7.5CVSS7.6AI score0.01848EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 1:12 p.m.7 views

CVE-2018-9852

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23...

9.8CVSS6.9AI score0.01391EPSS
Exploits1References1
OSV
OSV
added 2018/04/08 2:29 a.m.3 views

CVE-2018-9850

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...

7.5CVSS5.8AI score0.01892EPSS
Exploits1References1
NVD
NVD
added 2018/04/08 2:29 a.m.19 views

CVE-2018-9852

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23...

9.8CVSS9.3AI score0.01391EPSS
Exploits1References1
Prion
Prion
added 2018/04/08 2:29 a.m.11 views

Design/Logic Flaw

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...

5CVSS7.4AI score0.01848EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/04/08 2:29 a.m.5 views

CVE-2018-9851

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...

7.5CVSS5.7AI score0.01848EPSS
Exploits1References1
OSV
OSV
added 2018/04/08 2:29 a.m.5 views

CVE-2018-9852

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23...

9.8CVSS5.8AI score0.01391EPSS
Exploits1References1
NVD
NVD
added 2018/04/08 2:29 a.m.19 views

CVE-2018-9850

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...

7.5CVSS7.5AI score0.01892EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/04/08 2:0 a.m.20 views

CVE-2018-9851

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...

7.5AI score0.01848EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/04/08 2:0 a.m.20 views

CVE-2018-9852

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23...

9.3AI score0.01391EPSS
Exploits1References1
CVE
CVE
added 2018/04/08 2:0 a.m.55 views

CVE-2018-9852

In Gxlcms QY v1.0.0713, the vulnerable component is Lib\Lib\Action\Home\HitsAction.class.php. The issue allows remote attackers to read data from the database by injecting a FROM clause into the query string of a Home-Hits request (e.g., sid=user,password%20from%20mysql.user%23). This appears as ...

9.8CVSS9.1AI score0.01391EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/04/08 2:0 a.m.42 views

CVE-2018-9851

Gxlcms QY v1.0.0713 contains an arbitrary file-read vulnerability in Lib\Lib\Action\Admin\TplAction.class.php. The root cause is a path traversal flaw that permits remote attackers to read files by supplying a modified pathname in an Admin-Tpl request, demonstrated via using '|' as a directory se...

7.5CVSS7.4AI score0.01848EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/04/08 12:0 a.m.6 views

Gxlcms QY Arbitrary File Read Vulnerability

Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the Lib\Lib\Action\Admin\TplAction.class.php file in Gxlcms QY version 1.0.0713. The vulnerability can be exploited by a remote attacker to read arbitrary files with the help of a changed pathname in an Admin-T...

7.5CVSS6.9AI score0.01848EPSS
Exploits1References1
CNVD
CNVD
added 2018/04/08 12:0 a.m.5 views

Gxlcms QY Information Disclosure Vulnerability

Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the Lib\Lib\Action\Home\HitsAction.class.php file in Gxlcms QY version 1.0.0713. The vulnerability can be exploited by a remote attacker to read data from the database by injecting FROM clauses into the query...

9.8CVSS6.8AI score0.01391EPSS
Exploits1References1
Rows per page
Query Builder