2 matches found
CVE-2018-18488
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids parameter...
CVE-2018-18488
Gxlcms v2.0 is affected by a SQL injection in the file \lib\admin\action\dataaction.class.php via the ids[] parameter. Connected sources (NVD, RH, CNVD) describe remote exploitation with arbitrary SQL execution, with network access and no authentication required (per CVSS 3.0/2.0 vectors). No con...