Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown
CVE-2020-20975
Disclosure Date: August 12, 2021 (last updated February 23, 2025)
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.
0
Attacker Value
Unknown
CVE-2018-14685
Disclosure Date: July 28, 2018 (last updated November 27, 2024)
The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php.
0
