7 matches found
EUVD-2018-10212
Malware in sbrugna...
CVE-2018-18487
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mtrand unsafely, resulting in predictable database backup file locations...
Design/Logic Flaw
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mtrand unsafely, resulting in predictable database backup file locations...
Sql injection
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids parameter...
CVE-2018-18487
The CVE-2018-18487 entry affects Gxlcms v2.0, specifically the database backup filename generation in \lib\admin\action\dataaction.class.php. The vulnerability stems from using mt_rand() in filename creation, causing predictable backup file locations. The documents do not provide exploit details,...
CVE-2018-18488
Gxlcms v2.0 is affected by a SQL injection in the file \lib\admin\action\dataaction.class.php via the ids[] parameter. Connected sources (NVD, RH, CNVD) describe remote exploitation with arbitrary SQL execution, with network access and no authentication required (per CVSS 3.0/2.0 vectors). No con...
CVE-2018-18488
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids parameter...