Gxlcms QY Arbitrary File Read Vulnerability

Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the Lib\Lib\Action\Admin\TplAction.class.php file in Gxlcms QY version 1.0.0713. The vulnerability can be exploited by a remote attacker to read arbitrary files with the help of a changed pathname in an Admin-T...

GxlcmsQY Arbitrary PHP Code Execution Vulnerability

Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the 'upsql' function in the \Lib\Lib\Action\Admin\DataAction.class.php file in Gxlcms QY version 1.0.0713. A remote attacker can exploit this vulnerability by executing arbitrary SQL statements with the help of...