CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/01/09 12:12 p.m.•3 views

CVE-2018-9851

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...

7.5CVSS7AI score0.00374EPSS

9.8CVSS9.5AI score0.0025EPSS

EUVD-2018-10213

Malware in sbrugna...

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-6579

Malware in sbrugna...

9.8CVSS9.5AI score0.00389EPSS

7.5CVSS7.6AI score0.003EPSS

EUVD-2018-10212

Malware in sbrugna...

6.1CVSS6.3AI score0.0024EPSS

EUVD-2018-8457

Malware in sbrugna...

Exploits1References3

4.9CVSS5.2AI score0.00792EPSS

EUVD-2018-8277

Malware in sbrugna...

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-6455

Malware in sbrugna...

7.5CVSS7.6AI score0.00315EPSS

8.8CVSS8.8AI score0.00134EPSS

EUVD-2018-7057

Malware in sbrugna...

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2018-20841

Malware in sbrugna...

9.8CVSS9.5AI score0.00944EPSS

7.5CVSS7.6AI score0.00425EPSS

EUVD-2018-21444

Malware in sbrugna...

7.5CVSS7.6AI score0.00374EPSS

EUVD-2018-21445

Malware in sbrugna...

9.8CVSS9.5AI score0.00944EPSS

EUVD-2018-21442

Malware in sbrugna...

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-13754

Malware in sbrugna...

9.8CVSS9.2AI score0.00264EPSS

9.8CVSS9.5AI score0.00944EPSS

EUVD-2018-21441

Malware in sbrugna...

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-21446

Malware in sbrugna...

9.8CVSS9.2AI score0.00437EPSS

RedhatCVE•added 2025/05/22 3:18 p.m.•11 views

CVE-2020-20975

In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...

9.8CVSS8.2AI score0.00264EPSS

Exploits1

RedhatCVE•added 2025/05/22 1:12 p.m.•5 views

CVE-2018-9852

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23...

9.8CVSS6.9AI score0.00437EPSS

RedhatCVE•added 2025/05/22 7:38 a.m.•4 views

CVE-2018-18488

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids parameter...

9.8CVSS8.2AI score0.0025EPSS

RedhatCVE•added 2025/05/22 6:28 a.m.•6 views

CVE-2018-18487

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mtrand unsafely, resulting in predictable database backup file locations...

7.5CVSS7AI score0.003EPSS