8 matches found
EUVD-2020-13754
Malware in sbrugna...
CVE-2018-18488
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids parameter...
Sql injection
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...
CVE-2020-20975
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...
Path traversal
Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the " Admin/DataAction.class.php" component...
CVE-2018-18488
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids parameter...
Sql injection
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids parameter...
CVE-2018-18488
Gxlcms v2.0 is affected by a SQL injection in the file \lib\admin\action\dataaction.class.php via the ids[] parameter. Connected sources (NVD, RH, CNVD) describe remote exploitation with arbitrary SQL execution, with network access and no authentication required (per CVSS 3.0/2.0 vectors). No con...