CVE-2018-18487

Published: Oct 18, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations.

Affected (1)

Products: Gxlcms: Gxlcms

Gxlcms

1 product

Gxlcms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gxlcms Gxlcms	Version 2.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://sunu11.com/2018/10/18/glxcms/

Source: cve@mitre.org

ExploitThird Party Advisory

http://sunu11.com/2018/10/18/glxcms/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.