CVE-2018-9247
The CVE-2018-9247 entry concerns Gxlcms QY v1.0.0713. The vulnerability is in the upsql function of \Lib\Lib\Action_Admin\DataAction.class.php, allowing remote attackers to execute arbitrary SQL via the sql parameter, and subsequently execute arbitrary PHP code by placing it after a