2 matches found
CVE-2020-20975
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...
CVE-2020-20975
The CVE-2020-20975 entry relates to Gxlcms v1.1, where a SQL Injection flaw exists in the file lib/admin/action/dataaction.class.php via the $filename parameter. Multiple connected records confirm the affected component and root cause: untrusted input in the dataaction class leads to SQL injectio...