2 matches found
CVE-2018-11550
The CVE-2018-11550 entry maps to CVE-2018-9850 (duplicate). Connected data show a concrete vulnerability in Gxlcms QY v1.0.0713 affecting the Lib\Lib\Action\Admin\DataAction.class.php, where the id parameter in Admin-Data-del requests can be manipulated to cause remote deletion of arbitrary files...
CVE-2018-9850
In Gxlcms QY v1.0.0713, the Lib\Lib\Action\Admin\DataAction.class.php component exposes a directory traversal flaw in the id parameter of the Admin-Data-del request, enabling remote attackers to delete arbitrary files. This is documented across multiple sources (e.g., Red Hat, CVE records, CNVD)....