Gxlcms Qy Security Vulnerabilities and Issues — Gxlcms Qy CVE List

Lucene search

GxlcmsGxlcms Qy

4 matches found

CVE•added 2018/04/08 2:29 a.m.•40 views

CVE-2018-9852

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23.

9.8CVSS9.1AI score0.00461EPSS

CVE•added 2018/04/07 9:29 p.m.•34 views

CVE-2018-9848

In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an...

9.8CVSS9.7AI score0.00994EPSS

CVE•added 2018/04/04 12:29 a.m.•33 views

CVE-2018-9247

The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a

9.8CVSS9.8AI score0.00994EPSS

CVE•added 2018/04/07 9:29 p.m.•31 views

CVE-2018-9847

In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.

9.8CVSS9.6AI score0.00994EPSS