33 matches found
CVE-2018-9850
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...
CVE-2018-9851
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...
EUVD-2018-21444
Malware in sbrugna...
EUVD-2018-21441
Malware in sbrugna...
EUVD-2018-21446
Malware in sbrugna...
EUVD-2018-21442
Malware in sbrugna...
EUVD-2018-21445
Malware in sbrugna...
CVE-2018-9852
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23...
CVE-2018-9850
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...
CVE-2018-9852
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23...
Design/Logic Flaw
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...
CVE-2018-9851
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...
CVE-2018-9852
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23...
CVE-2018-9850
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...
CVE-2018-9851
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...
CVE-2018-9852
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23...
CVE-2018-9852
In Gxlcms QY v1.0.0713, the vulnerable component is Lib\Lib\Action\Home\HitsAction.class.php. The issue allows remote attackers to read data from the database by injecting a FROM clause into the query string of a Home-Hits request (e.g., sid=user,password%20from%20mysql.user%23). This appears as ...
CVE-2018-9851
Gxlcms QY v1.0.0713 contains an arbitrary file-read vulnerability in Lib\Lib\Action\Admin\TplAction.class.php. The root cause is a path traversal flaw that permits remote attackers to read files by supplying a modified pathname in an Admin-Tpl request, demonstrated via using '|' as a directory se...
Gxlcms QY Arbitrary File Read Vulnerability
Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the Lib\Lib\Action\Admin\TplAction.class.php file in Gxlcms QY version 1.0.0713. The vulnerability can be exploited by a remote attacker to read arbitrary files with the help of a changed pathname in an Admin-T...
Gxlcms QY Information Disclosure Vulnerability
Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the Lib\Lib\Action\Home\HitsAction.class.php file in Gxlcms QY version 1.0.0713. The vulnerability can be exploited by a remote attacker to read data from the database by injecting FROM clauses into the query...