CVE-2020-20975

In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...

Gxlcms SQL Injection Vulnerability (CNVD-2018-21608)

Gxlcms is an enterprise website creation system. A SQL injection vulnerability exists in the \lib\admin\action\dataaction.class.php file in Gxlcms version 2.0. A remote attacker can exploit this vulnerability by executing arbitrary SQL commands with the 'ids' parameter...

Code Execution Vulnerability in Gxlcms News System DataAction.class.php

Gxlcms News System is a news cms content management system developed in php+mysql. A code execution vulnerability exists in DataAction.class.php of Gxlcms News System. An attacker can exploit the vulnerability to obtain a webshell...

Directory traversal

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...

Arbitrary File Read Vulnerability in GxlcmsQY System

GxlcmsQY system is a simple program tailored for business users. GxlcmsQY System\Lib\Lib\Action\Admin\DataAction.class.php contains an arbitrary file reading vulnerability. An attacker can exploit the vulnerability to read arbitrary files and obtain sensitive information...