Gxlcms

Vendor: Gxlcms • 9 CVEs

CVEs (9)

| VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS | CVE DESCRIPTION |
| --- | --- | --- | --- | --- | --- |
| 1 Gxlcms | 1 Gxlcms | Nov 21, 2024 | Aug 12, 2021 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH | In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter. |
| 1 Gxlcms | 1 Gxlcms | Nov 21, 2024 | Oct 18, 2018 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH | In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. |
| 1 Gxlcms | 1 Gxlcms | Nov 21, 2024 | Oct 18, 2018 | v4: N/A; v3: 7.5 HIGH; v2: 5.0 MEDIUM | In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations. |
| 1 Gxlcms | 1 Gxlcms | Nov 21, 2024 | Sep 7, 2018 | v4: N/A; v3: 6.1 MEDIUM; v2: 4.3 MEDIUM | Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. |
| 1 Gxlcms | 1 Gxlcms | Nov 21, 2024 | Sep 5, 2018 | v4: N/A; v3: 4.9 MEDIUM; v2: 4.0 MEDIUM | Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator. |
| 1 Gxlcms | 1 Gxlcms | Nov 21, 2024 | Sep 5, 2018 | v4: N/A; v3: 7.2 HIGH; v2: 6.5 MEDIUM | Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator. |
| 1 Gxlcms | 1 Gxlcms | Nov 21, 2024 | Aug 8, 2018 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. |
| 1 Gxlcms | 1 Gxlcms | Nov 21, 2024 | Jul 28, 2018 | v4: N/A; v3: 9.8 CRITICAL; v2: 5.0 MEDIUM | The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php. |
| 1 Gxlcms | 1 Gxlcms | May 13, 2026 | Oct 3, 2017 | v4: N/A; v3: 7.5 HIGH; v2: 5.0 MEDIUM | Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php. |