Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2018-18487

Disclosure Date: October 18, 2018 (last updated November 27, 2024)
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations.
0
0
Attacker Value
Unknown

CVE-2018-18488

Disclosure Date: October 18, 2018 (last updated November 27, 2024)
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter.
0
0
Attacker Value
Unknown

CVE-2018-16437

Disclosure Date: September 05, 2018 (last updated November 27, 2024)
Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator.
0
0
Attacker Value
Unknown

CVE-2018-16436

Disclosure Date: September 05, 2018 (last updated November 27, 2024)
Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator.
0
0
Attacker Value
Unknown

CVE-2018-15177

Disclosure Date: August 08, 2018 (last updated November 27, 2024)
In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account.
0
0